使用ADFS声明的ASP.NET Web应用程序授权
我使用ASP.NET构建了一个动态数据web应用程序。我还为授权经理组织了一些课程。我不确定的一件事是,如何将其插入web应用程序中,使其仅具有基于ADFS声明的特定角色的用户才能访问该应用程序。为了安全起见,我提取了少量代码。以下是我目前拥有的文件: 授权助手:使用ADFS声明的ASP.NET Web应用程序授权,asp.net,authorization,roles,asp.net-dynamic-data,Asp.net,Authorization,Roles,Asp.net Dynamic Data,我使用ASP.NET构建了一个动态数据web应用程序。我还为授权经理组织了一些课程。我不确定的一件事是,如何将其插入web应用程序中,使其仅具有基于ADFS声明的特定角色的用户才能访问该应用程序。为了安全起见,我提取了少量代码。以下是我目前拥有的文件: 授权助手: using System; using System.Collections.Generic; using System.Linq; using System.Security; using System.Web; namespac
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Web;
namespace ApplicationManager.Authorization
{
public class AuthorizationHelper
{
/// <summary>
/// Checks the access.
/// </summary>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <returns></returns>
public static bool CheckAccess(string resource, string action)
{
AuthorizationContext context = new AuthorizationContext(HttpContext.Current.User as IClaimsPrincipal, resource, action);
return FederatedAuthentication.ServiceConfiguration.ClaimsAuthorizationManager.CheckAccess(context);
}
/// <summary>
/// Checks the access for an action based on user context.
/// </summary>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <param name="user">The user.</param>
/// <returns></returns>
public static bool CheckAccess(string resource, string action, UserInfo user)
{
AuthorizationContext context = new AuthorizationContext(HttpContext.Current.User as IClaimsPrincipal, resource, action);
AuthorizationManager authManager = (AuthorizationManager)FederatedAuthentication.ServiceConfiguration.ClaimsAuthorizationManager;
return authManager.CheckAccess(context, user);
}
/// <summary>
/// Confirmes the logged in user has access to perform the specified action on the user.
/// </summary>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <param name="user">The user.</param>
/// <exception cref="System.Security.SecurityException"></exception>
public static void ConfirmAccess(string resource, string action, UserInfo user)
{
if (!CheckAccess(resource, action, user))
{
throw new SecurityException(string.Format("{0} does not have rights to manage {1}. Please contact the idm security administrator.", HttpContext.Current.User.Identity.Name, user.UserId));
}
}
}
}
操作:
namespace ApplicationManager.Authorization
{
public class Operations
{
public const string ApplicationManager = "Applications";
}
}
资源:
namespace ApplicationManager.Authorization
{
public class Resources
{
public const string ApplicationManager = "Applications";
}
}
我希望插入这一切,并根据用户所处的角色拒绝使用该应用程序。我确实有获取userid和userrole的模型。我需要知道在何处以及如何编写此代码,以根据用户角色阻止对完整应用程序的访问 您需要在管道中注册索赔身份验证管理器。它会根据每个请求发出:
听起来你可以编写一个HttpModule并将其插入你的web.config中,我读了那篇文章,但这对我来说毫无意义。不过还是有点新鲜。
namespace ApplicationManager.Authorization
{
public class Resources
{
public const string ApplicationManager = "Applications";
}
}