问题
I'm trying to add Roles authentication to an Action in a Controller in an ASP.NET MVC application. The code looks something like this:
[Authorize(Roles = "SomeRoleName")]
public ActionResult Index()
{
bool inRole = User.IsInRole("Admin");
If I remove the Authorize attribute and put a breakpoint on the last line in that code sample, is there a way that I can inspect the objects and find out what roles are available?
e.g. I call User.IsInRole("Admin) in the Immediate window and it will give me a true/false value. How can I access the collection of roles available?
回答1:
If you don't need to do this programatically, but you are trying to determine the correct Windows Groups/Roles that need to be specified, you can use this from the command line:
C:\> net group /domain (lists all Roles in the domain)
C:\> net user <username> /domain (lists info, including roles for a user)
Otherwise you will need to query the LDAP part of Active Directory, or use something under DirectoryServices.
Take a look at these websites to access Active Directory via C#:
- Howto: (Almost) Everything In Active Directory via C# - Codeproject
- User Management with Active Directory
回答2:
Add this to your web.config under system.web:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
Then you can use:
string[] arr = Roles.GetRolesForUser(User.Identity.Name);
or:
string[] arr = Roles.GetRolesForUser();
回答3:
You can use the various methods on the RoleProvider class in System.Web.Security.Roles.Provider.
See this for more: Role Provider
回答4:
I'm guessing you aren't using a role provider here, but falling back on the underlying functionality of WindowsPrincipal where the roles map to the user's groups. Anyhow, I don't think one can do more than enumerate the windows groups available on that machine/in that domain. Not sure if this helps, but that's all I can say without having an idea of what you are trying to do with said roles list.
来源:https://stackoverflow.com/questions/922378/roles-available-with-windows-authentication