I am creating an MVC application with forms auth. I am authenticating against active directory and so have created a custom RoleProvider. My application is only concerned with a small set of roles which up until now I have been defining in the appSettings section of my web.config:

我正在使用表单auth创建一个MVC应用程序。我正在对活动目录进行身份验证，因此创建了一个自定义RoleProvider。我的应用程序只关注一小部分角色，到目前为止，我一直在web.config的appSettings部分中定义：

<appSettings>
  <add key="DirectorRole" value="Domain\Directors" />
  <add key="ManagementRole" value="Domain\Managers" />
  ...
</appSettings>

However I have run into a couple of problems with this approach:

但是我遇到了这种方法的几个问题：

1. I cannot reference these setting in my contoller data annotations: [Authorize(Roles = ConfigurationManager.AppSettings["DirectorRole"])] as it wont compile so I have to specify the name of the group again: [Authorize(Roles = "Domain\\Directors")].
2. 我无法在我的控制器数据注释中引用这些设置：[Authorize（Roles = ConfigurationManager.AppSettings [“DirectorRole”]）]因为它不会编译所以我必须再次指定组的名称：[Authorize（Roles =“Domain \ \董事“）]。
3. In my web.config, I would like to specify the groupsToUse for my role provider and just reference a pre-existing list, rather than maintain two seperate lists of the same set of roles.
4. 在我的web.config中，我想为我的角色提供程序指定groupsToUse，只是引用一个预先存在的列表，而不是维护同一组角色的两个单独列表。

It seems that there must be a better/reusable way to define the roles in the web.config, can someone point me in the right direction please?

似乎必须有一个更好/可重用的方式来定义web.config中的角色，有人能指出我正确的方向吗？

2 个解决方案

public class MyAuthorizeAttribute : AuthorizeAttribute {

    public MyAuthorizeAttribute(params string[] roleKeys) {
        List<string> roles = new List<string>(roleKeys.Length);

        //foreach(var roleKey in roleKeys) {
            //roles.Add(ConfigurationManager.AppSettings["DirectorRole"]);
        //}
        var allRoles = (NameValueCollection)ConfigurationManager.GetSection("roles");
        foreach(var roleKey in roleKeys) {
            roles.Add(allRoles[roleKey]);
        }

        this.Roles = string.Join(",", roles);
    }
}

[MyAuthorize("DirectorRole")]

  <configSections>
    <section
      name="roles"
      type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>

  <roles>
    <add key="DirectorRole" value="Domain\Directors" />
    <add key="ManagementRole" value="Domain\Managers" />
  </roles>

#1

public class MyAuthorizeAttribute : AuthorizeAttribute {

    public MyAuthorizeAttribute(params string[] roleKeys) {
        List<string> roles = new List<string>(roleKeys.Length);

        //foreach(var roleKey in roleKeys) {
            //roles.Add(ConfigurationManager.AppSettings["DirectorRole"]);
        //}
        var allRoles = (NameValueCollection)ConfigurationManager.GetSection("roles");
        foreach(var roleKey in roleKeys) {
            roles.Add(allRoles[roleKey]);
        }

        this.Roles = string.Join(",", roles);
    }
}

[MyAuthorize("DirectorRole")]

  <configSections>
    <section
      name="roles"
      type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>

  <roles>
    <add key="DirectorRole" value="Domain\Directors" />
    <add key="ManagementRole" value="Domain\Managers" />
  </roles>

#2