问题描述
我正在使用ASP.NET Core 2.0 MVC构建Intranet.所有用户都是活动目录的一部分.另外,我有一个具有以下表的MSSQL数据库:
I am building an intranet with ASP.NET core 2.0 MVC. All users are part of an active directory. Additionaly I have a MSSQL database with the following tables:
Users (Id, FirstName, UserNameAd (unique), ...)
Roles (Id, RoleName)
UserRoles (User_Id, Role_Id)
在我的Web应用程序中,我现在想检索用户的角色并将其存储在Microsoft的身份验证/身份类中,以便使用[Authenticate(Roles="Admin")]
内容.我不确定我将把这个角色请求放在哪里以及什么是最佳实践.用户白天有可能获得新角色,或者白天有可能删除某个角色,而我实际上不希望用户单击特定的内容或需要他重新启动浏览器才能应用新角色-这就是为什么我认为需要在服务器的每个服务器操作(POST,GET)中请求角色.
In my web application I now want to retrieve the roles of a user and store them in the Authentication/Identity Classes of Microsoft in order to use [Authenticate(Roles="Admin")]
stuff. I am not sure where I shall put this role-request and what is the best practice. It is possible that a user gets a new role during the day or that a role is removed during the day and I actually do not want the user to click something specific or need him to restart the browser in order to get the new roles applied - thats why I think that the roles need to be requested with each server-action (POST, GET) from the server.
任何想法或链接到一个好的教程,将不胜感激.
Any idea or link to a good tutorial would be highly appreciated.
如果您认为我的方法不是一种好的做法,并且您有一个更好的主意,我将很高兴知道.
Also if you think my approach is not good practice and you have a better idea I would be happy to know.
推荐答案
经过互联网上的大量讨论和研究,我得出了选择纯Windows身份验证的结论.
After a lot of discussions and researches in the internet i came to the conclusion to chose pure windows authentication.
它开箱即用,您已经可以通过[Authorize(Roles ="ADGroupName")]将活动目录组用作角色,
It works out of the box and you can already use the active directory groups as roles with [Authorize(Roles = "ADGroupName")] which is really straightforward and nice.
这篇关于如何设计所有用户角色的检索和处理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!