问题描述

什么是高级步骤来验证对Active Directory？

我presume是这样的：

1. 修改web.config中使用Windows身份验证
2. 配置web.config中使用ActiveDirectoryMembershipProvider
3. 配置为使用自定义RoleProvider看起来在公元web.config中

请问上面看起来合理，如果是的话，你在哪里我把有效用户检测逻辑？

在我的情况下，有效的用户是一个人在一个特定的AD域。

表单验证

您可以使用正常的窗体身份验证到用户针对Active Directory进行身份验证，对于你只需要你的AD连接​​字符串：

 ＆LT;的ConnectionStrings＆GT;
  ＆LT;添加名称=ADConn的connectionString =LDAP：// YourConnection/＆GT;
＆LT; /的ConnectionStrings＆GT;
 

和添加成员资格提供程序使用此连接：

 ＆LT;会员defaultProvider =ADMembership＆GT;
  ＆LT;供应商＆GT;
    ＆LT;添加名称=ADMembership
         TYPE =System.Web.Security.ActiveDirectoryMembershipProvider，
               System.Web程序，
               版本= 2.0.0.0，
               文化=中立，
               PublicToken = b03f5f7f11d50a3a
         的connectionStringName =ADConn
         connectionUsername =域/用户
         connectionPassword =PWD/＆GT;
  ＆LT; /供应商＆GT;
＆LT; /会员＆GT;
 

您需要使用用户名@域以成功验证用户。

下面是一些让你开始的

• http://helios.ca/2009/05/04/aspnet-mvc-forms-authentication-with-active-directory/

Windows身份验证

如果您启动新的项目，你可以随时 Intranet应用从模板中选择，所有的照顾你。

如果你想要做手工，你需要改变：

1. 启用Windows身份验证
2. 禁用匿名身份验证

有关在IIS7 / 8和IISEx preSS做这方面的详细信息：

在你的的web.config 有一些像

 ＆LT;的System.Web＆GT;
  ＆LT;身份验证模式=窗口/＆GT;

  ＆LT;授权＆GT;
    ＆LT;拒绝用户=？ /＆GT;
  ＆LT; /授权＆GT;
＆LT; /system.web>
 

这就是它！

现在，当你想要的用户身份，只需拨打

  @ User.Identity.Name
 

和这将显示您的域\用户名像我：

下面是一些让你开始的

• http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs

What are the high level steps to authenticate users of an ASP.NET MVC application against Active Directory?

I presume something like:

1. Modify web.config to use Windows authentication
2. Configure web.config to use the ActiveDirectoryMembershipProvider
3. Configure the web.config to use a custom RoleProvider that looks in AD

Does the above look sensible, and if so, where do I put the valid user detection logic?

In my case a valid user is someone on a specific AD domain.

Forms Authentication

You can use the normal forms authentication to authenticate a user against an Active Directory, for that you just need you AD connection string:

<connectionStrings>
  <add name="ADConn" connectionString="LDAP://YourConnection" />
</connectionStrings>

and add the Membership Provider to use this connection:

<membership defaultProvider="ADMembership">
  <providers>
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,
               System.Web,
               Version=2.0.0.0,
               Culture=neutral,
               PublicToken=b03f5f7f11d50a3a"
         connectionStringName="ADConn"
         connectionUsername="domain/user"
         connectionPassword="pwd" />
  </providers>
</membership>

you will need to use username@domain to successfully authenticate the user.

Here is something to get you start

• http://helios.ca/2009/05/04/aspnet-mvc-forms-authentication-with-active-directory/

Windows Authentication

If you start your project new, you can always select Intranet application from the template and all is taken care for you

If you want to do it manually, you need to change:

1. Enable Windows Authentication
2. Disable Anonymous authentication

for detailed info on doing this on IIS7/8 and IISExpress:

In your web.config have something like

<system.web>
  <authentication mode="Windows" />

  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

and that's it!

Now, when you want the user identity, just call

@User.Identity.Name

and this will show you the Domain\Username like for me :

Here is something to get you start

• http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs

这篇关于配置ASP.NET MVC反对AD认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！