有关ASP.NET身份验证和授权的一般视图，这是一个非常好的视图： ASP.NET身份验证和授权 [ ^ ]



- 在这种情况下，由于多种原因，基于IP的安全性不是一种选择。

- 如果所有用户都来自NT域（ActiveDirectory），则只需将AD用户和安全组分配给IIS应用程序和文件夹即可。但是这种方法仅仅适用于某些静态访问限制，例如除了这些之外根本无法到达。

- 如果您需要在应用程序中进行某种动态的权限验证和授权，这很可能是公司的情况，ASP.NET对它的回答是MembershipProvider和RoleProvider。如果所有域用户都可以，您仍然可以使用NTLM / Kerberos，但您也可以使用表单身份验证。而且默认情况下这有很好的支持。阅读本文： http://www.4guysfromrolla.com/articles/120705-1.aspx [ ^ ]

- 如果您需要更多，可以创建自己的MembershipProvider和RoleProvider，它们可以来自简单的 [ ^ ]真的复杂的 [ ^ ]取决于您的需要。

For a general view on ASP.NET authentication and authorization, this is a really good one: ASP.NET authentication and authorization[^]

- In this scenario ip based security is not an option for several reasons.
- If all users are from an NT domain (ActiveDirectory), than you can simply assign AD users and security groups to IIS applications and folders. But this approach is merely good for some static access restriction, like "other than these can not get there at all".
- If you need some sort of dynamic right authentication and authorization in the application, and this is most likely the case in a company, the ASP.NET answer to it is MembershipProvider and RoleProvider. You can still use NTLM/Kerberos if all all domain users, but you can use form authentication as well. And that has a really good support by default. Read this article: http://www.4guysfromrolla.com/articles/120705-1.aspx[^]
- If you need more, you can make your own MembershipProvider and RoleProvider, that can go from simple ones[^] to really complex ones[^] depending on your need.