您是否同时为集成身份验证配置了IIS和该应用程序?

Have you configured both IIS and the app for integrated authentication?

在您的web.config中，通过设置forwardWindowsAuthToken="true"

In your web.config do you have the asp.net core module set to forward Windows Identities, by setting forwardWindowsAuthToken="true"

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" 
        modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" 
      arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" 
      stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" />
  </system.webServer>
</configuration>

在您的program.cs中，您是否了解过与.UseIISIntegration()的IIS集成?

In your program.cs have you plumbed in IIS integration with .UseIISIntegration()?

var host = new WebHostBuilder()
    .UseKestrel()
    .UseContentRoot(Directory.GetCurrentDirectory())
    .UseIISIntegration()
    .UseStartup<Startup>()
    .Build();

您是否已在Startup.cs的ConfigureServices()方法中添加了授权并将其放在AddMvc()之前?

Have you added authorization in your ConfigureServices() method in Startup.cs and put it before AddMvc()?

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization();
    services.AddMvc();
}

当我准备好所有这些内容后，就可以根据角色高兴地进行授权，例如，将[Authorize(Roles = "REDMOND\\scottgu_org_fte")]放在家庭控制器上，就可以了.

When I have all those things in place I can happily authorize based on roles, for example I put [Authorize(Roles = "REDMOND\\scottgu_org_fte")] on my home controller and I get in just fine.

使用@"REDMOND\\scottgu_org_fte"无效，因为这会使字符串文字 verbatim ，因此它正在尝试评估Domain\\group，并且双斜杠是错误的. @"REDMOND\scottgu_org_fte"仍然可以.

Using @"REDMOND\\scottgu_org_fte" won't work, because that makes the string literal verbatim, so it's trying to evaluate Domain\\group, and double slashes are wrong. @"REDMOND\scottgu_org_fte" would work though.