使用以下实际上,你可以仍然获得组名称:
var test = new System.Security.Principal.SecurityIdentifier("S-1-5-21-3290390516-4063083420-3538132138-1146").Translate(typeof(System.Security.Principal.NTAccount)).ToString();
因此,例如:
var roles = ((ClaimsIdentity)_context.User.Identity).Claims.Where(q => q.Type == ClaimTypes.GroupSid).Select(q => q.Value);
_logger.LogInformation($"Got {roles.Count()} roles");
foreach (var role in roles)
{
var name = new System.Security.Principal.SecurityIdentifier(role).Translate(typeof(System.Security.Principal.NTAccount)).ToString();
_logger.LogInformation($"Got role {role}");
}
输出:
(namespace).Authorization.Handlers.SiteHandler: Information: Got 18 roles
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\Domain Users
(namespace).Authorization.Handlers.SiteHandler: Information: Got role Everyone
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted) Backend
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted) Dashboards
(namespace).Authorization.Handlers.SiteHandler: Information: Got role BUILTIN\Performance Log Users
(namespace).Authorization.Handlers.SiteHandler: Information: Got role BUILTIN\Users
(namespace).Authorization.Handlers.SiteHandler: Information: Got role NT AUTHORITY\INTERACTIVE
(namespace).Authorization.Handlers.SiteHandler: Information: Got role CONSOLE LOGON
(namespace).Authorization.Handlers.SiteHandler: Information: Got role NT AUTHORITY\Authenticated Users
(namespace).Authorization.Handlers.SiteHandler: Information: Got role NT AUTHORITY\This Organization
(namespace).Authorization.Handlers.SiteHandler: Information: Got role LOCAL
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\jira-users
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\jira-developers
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted)_PDMS_DE_ALL
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted)_PDMS_BE_ALL
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted)Developers
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted)_TEST
(namespace).Authorization.Handlers.SiteHandler: Information: Got role (redacted)\(redacted)_PDMS_DB_ALL
请注意,域角色可能需要一两秒钟才能填充。
感谢您的回答。我现在可以拉下RC2吗?还是RC2不可用?它是否像asp.net 4一样简单,我用[Authenticate]和[Authorize(“groupname”)]装饰休息方法,还是必须编写一堆自定义代码? –
你还不明白。不久。一旦它起作用,是的,如果你不想使用策略,情况会一样。你可以简单地做[授权(角色='')] – blowdart
@blowdart你有任何机会得到github问题的方便,为什么IsInRole()被破坏,或碰巧知道它是如何被破坏? – JosephGarrone