针对 Active Directory 对 ASP.NET MVC 应用程序的用户进行身份验证的高级步骤是什么?
我认为是这样的:
以上看起来是否合理,如果是,我应该将有效的用户检测逻辑放在哪里?
就我而言,有效用户是特定 AD 域中的某个人.
解决方案Forms Authentication
您可以使用普通表单身份验证针对 Active Directory 对用户进行身份验证,为此您只需要 AD 连接字符串:
<add name="ADConn" connectionString="LDAP://YourConnection"/></connectionStrings>并添加会员提供程序以使用此连接:
<提供者><add name="ADMembership"type="System.Web.Security.ActiveDirectoryMembershipProvider,系统.Web,版本=2.0.0.0,文化=中立,PublicToken=b03f5f7f11d50a3a"connectionStringName="ADConn"connectionUsername="域/用户"connectionPassword="pwd"/></提供者></会员资格>您需要使用 username@domain 来成功验证用户身份.
这里有一些东西可以让你开始
What are the high level steps to authenticate users of an ASP.NET MVC application against Active Directory?
I presume something like:
Does the above look sensible, and if so, where do I put the valid user detection logic?
In my case a valid user is someone on a specific AD domain.
解决方案Forms Authentication
You can use the normal forms authentication to authenticate a user against an Active Directory, for that you just need you AD connection string:
<connectionStrings> <add name="ADConn" connectionString="LDAP://YourConnection" /> </connectionStrings>and add the Membership Provider to use this connection:
<membership defaultProvider="ADMembership"> <providers> <add name="ADMembership" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicToken=b03f5f7f11d50a3a" connectionStringName="ADConn" connectionUsername="domain/user" connectionPassword="pwd" /> </providers> </membership>you will need to use username@domain to successfully authenticate the user.
Here is something to get you started
- helios.ca/2009/05/04/aspnet-mvc-forms-authentication-with-active-directory/
If you start your project new, you can always select Intranet application from the template and all is taken care for you
If you want to do it manually, you need to change:
for detailed info on doing this on IIS7/8 and IISExpress:
IIS 7 & IIS 8
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure Windows authentication is installed on the server.
To enable Windows authentication on Windows: a) In Control Panel open "Programs and Features". b) Select "Turn Windows features on or off". c) Navigate to Internet Information Services > World Wide Web Services > Security and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server: a) In Server Manager, select Web Server (IIS) and click Add Role Services b) Navigate to Web Server > Security and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
IIS Express
In your web.config have something like
<system.web> <authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> </system.web>and that's it!
Now, when you want the user identity, just call
@User.Identity.Nameand this will show you the DomainUsername like for me :
Here is something to get you started
- www.asp/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs
更多推荐
配置 ASP.NET MVC 以针对 AD 进行身份验证
发布评论