问题
Please review the scenario and solution I came up with. If it sucks please tell me so.
Scenario Need to create an application for submitting & viewing accidents reports that will be used by 50 schools. When submitting a form, an employee will select their school from a dropdown. Likewise when viewing accident reports, the employee will select their school from a dropdown. Some employee's are to be assigned multiple schools. Thus the dropdown needs to be populated with each school they are assigned to. The IT department wants to control the population of the dropdowns using Active Directory.
Possible Solution
- Within Active Directory, create an organizational unit called AccidentReportingSchools
- Within the organizational unit, create a security group for each school.
- Add an attribute called SchoolName to the security group
- Add an attribute called SchoolID to the security group
- Write an active directory query to return all of the security groups that are within the AccidentReportingSchools organizational unit (created from step 1) that the logged in employee is a member of.
- When an employee logs into the application, create a session variable or cookie for storing the employee's schools. Populate it based on the results of the active directory query.
- Use the cookie/session variable to populate the dropdowns.
Alternate Solution Tell the IT department that Active Directory is not well suited in this particular situation and that a database table should be used for assigning employees to their schools.
回答1:
It doesn't sound like a bad idea. Though I don't think you need to setup an attribute for SchoolName. You can just go by the name of the AD Group. I have something similar (though not nearly as large in scope.) I created a basic Intranet page for IT Trouble Tickets.
And for what it's worth, if you plan on doing this through ASP.net look at MVC rather than WebForms.
来源:https://stackoverflow.com/questions/24758600/using-active-directory-to-restrict-access-to-data-in-webforms-app-mainly-throug