带有 Windows 身份验证的 ASP.NET Core 2.1 自定义 RoleProvider

ASP.NET Core 2.1 Custom RoleProvider with Windows Authentication(带有 Windows 身份验证的 ASP.NET Core 2.1 自定义 RoleProvider)

问题描述

我正在将应用程序从 ASP.Net MVC 5 框架迁移到新的 .Net Core 2.1.

I am migrating applications away from the ASP.Net MVC 5 framework to the new .Net Core 2.1.

我在 MVC 5 项目中使用了带有自定义 RoleProvider 的 Windows 身份验证，如下面的链接所示.

I used Windows Authentication with a Custom RoleProvider in the MVC 5 Projects as shown in the link below.

ASP.NET MVC 如何创建自定义角色提供者

我如何在 Core 2.1 中完成同样的任务，因为它似乎不包含 RoleProvider 功能?

How do I accomplish the same in Core 2.1 as it does not seem to contain RoleProvider capability?

我遇到的每个示例都使用带有 IdentityUser 和 IdentityRole 的个人帐户.

Every example I come across uses Individual Accounts with IdentityUser and IdentityRole.

我的用户和角色自定义表:

My custom tables for User and Roles :

public class User
{
    public User() { UserRoles = new HashSet<UserRole>(); }

    [Key]
    public string Id { get; set; }

    [StringLength(50)]
    [Required]
    public string Logon { get; set; } //The users Active Directory Username

    public bool Active { get; set; }

    public ICollection<UserRole> UserRoles { get; set; }

}


public class Role
{
    public Role() { UserRoles = new HashSet<UserRole>(); }

    [Key]
    public string Id { get; set; }

    public string Name { get; set; }

    public ICollection<UserRole> UserRoles { get; set; }
}

我添加了一个 CustomClaimsPrincipal ，如下所示:

I've added a CustomClaimsPrincipal which goes like:

public class CustomClaimsPrincipal : ClaimsPrincipal
{
    private readonly ApplicationDbContext _context;

    public CustomClaimsPrincipal(ApplicationDbContext context)
    {
        _context = context;
    }

    public override bool IsInRole(string role)
    {
        var currentUser = ClaimsPrincipal.Current.Identity.Name;

        IdentityUser user = _context.Users.FirstOrDefault(u => u.UserName.Equals(currentUser, StringComparison.CurrentCultureIgnoreCase));
            //(ApplicationUser)_context.Users.FirstOrDefault(u => u.UserName.Equals(currentUser, StringComparison.CurrentCultureIgnoreCase));

        var roles = from ur in _context.UserRoles.Where(p => p.UserId == user.Id)
                    from r in _context.Roles
                    where ur.RoleId == r.Id
                    select r.Name;
        if (user != null)
            return roles.Any(r => r.Equals(role, StringComparison.CurrentCultureIgnoreCase));
        else
            return false;
    }
}

并添加到 Startup.cs

and added to Startup.cs

services.AddIdentity<ApplicationUser, IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>();

services.AddScoped<ClaimsPrincipal, CustomClaimsPrincipal>();

但它似乎仍然采用原始的 ClaimsPrincipal IsInRole 函数而不是覆盖，我相信这就是我收到错误消息主域和受信任域之间的信任关系失败"的原因.

But it still seems to be taking the original ClaimsPrincipal IsInRole function instead of the override which I believe is why I'm getting the error message "The trust relationship between the primary domain and the trusted domain failed."

推荐答案

在 net core 中管理自定义权限通常是通过声明来完成的.您可以通过 aspnet 身份执行此操作(如何在 ASP.NET 中添加声明身份)或者您可以编写自己的中间件.

Managing custom permissions in net core is usually done via claims. You can do this via aspnet identity( How to add claims in ASP.NET Identity) or you can write your own middleware.

收到声明后，您需要创建政策.这是通过 ConfigureServices 方法中的 Startup.cs 类完成的.

Once you have claims, you need to create Policies. This is done via the Startup.cs class in the ConfigureServices method.

services.AddAuthorization(options =>
        {
            options.AddPolicy("HR", policy => policy.RequireClaim("HRTeam"));
            options.AddPolicy("Helpdesk", policy => policy.RequireClaim("HelpdeskTeam"));
        });

然后用 Authorize 属性装饰你的控制器/动作

And then decorate your controllers/actions with the Authorize attribure

[Authorize(Policy="Helpdesk")]
public class HelpDeskController : Controller

这篇关于带有 Windows 身份验证的 ASP.NET Core 2.1 自定义 RoleProvider的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！