混合组和用户的asp.net mvc 属性

您可以对AuthorizeAttribute进行子类型以查看用户和角色。 脱离我的头顶（未经测试）：

 using System; using System.Linq; using System.Security.Principal; using System.Web; using System.Web.Mvc; public class MyAuthorizeAttribute : AuthorizeAttribute { // This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method. protected override bool AuthorizeCore(HttpContextBase httpContext) { base.AuthorizeCore(httpContext); if ((!string.IsNullOrEmpty(Users) && (_usersSplit.Length == 0)) || (!string.IsNullOrEmpty(Roles) && (_rolesSplit.Length == 0))) { // wish base._usersSplit were protected instead of private... InitializeSplits(); } IPrincipal user = httpContext.User; if (!user.Identity.IsAuthenticated) { return false; } var userRequired = _usersSplit.Length > 0; var userValid = userRequired && _usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase); var roleRequired = _rolesSplit.Length > 0; var roleValid = (roleRequired) && _rolesSplit.Any(user.IsInRole); var userOrRoleRequired = userRequired || roleRequired; return (!userOrRoleRequired) || userValid || roleValid; } private string[] _rolesSplit = new string[0]; private string[] _usersSplit = new string[0]; private void InitializeSplits() { lock(this) { if ((_rolesSplit.Length == 0) || (_usersSplit.Length == 0)) { _rolesSplit = Roles.Split(','); _usersSplit = Users.Split(','); } } } } 

由于您使用“@”字符为域/用户和域/组字符串添加前缀，因此无需双击反斜杠。 您可以尝试使用以下任一替换这些行：

 [Authorize(Roles="MyDomain\\company.security.group.name")] [Authorize(Users="MyDoamin\\MyName")] 

要么

 [Authorize(Roles=@"MyDomain\company.security.group.name")] [Authorize(Users=@"MyDoamin\MyName")] 

进一步阅读还表明，授权filter将执行“用户”和“角色”检查。 如果用户不满足这两个要求，那么他们将被拒绝访问。
要获得所需的行为，您需要按照上一个答案中的建议编写自定义授权filter。