ASP.NET Active Directory角色提供程序
[英]ASP.NET Active Directory role provider
问题描述
This is my first time working with ASP.NET Role membership in active directory. 
这是我第一次使用Active Directory中的ASP.NET角色成员身份。
So far i've got a website running, and im able to log in with a active directory user. 到目前为止,我已经有一个网站正在运行,并且无法使用活动目录用户登录。
My problem is: I cant get "Roles.IsUserInRole" to trigger. 我的问题是:我无法触发“ Roles.IsUserInRole”。 It's like it dosent even look at the logged in user for group memberships. 就像它甚至没有注意登录用户的组成员身份。
I have been searching for a solution, but the only solution i can find is to write my own membership provider. 我一直在寻找解决方案,但是唯一可以找到的解决方案是编写我自己的成员资格提供程序。 Is this really neccesary? 这真的必要吗?
I want to control what the users can access with their memberships. 我想控制用户可以使用其成员身份访问的内容。 Like if a user is in the "students" security group in the AD then they can only access pages in a student fold in my ASP.NET solution. 就像用户位于AD的“学生”安全组中一样,他们只能访问ASP.NET解决方案中学生文件夹中的页面。
I am useing form authentication. 我正在使用表单身份验证。
Here is a sample of my webconfig for my rolemanager: 这是我的角色管理器的Webconfig示例:
<system.web>
<roleManager defaultProvider="WindowsProvider"
enabled="true"
cacheRolesInCookie="false">
<providers>
<add
name="WindowsProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
</system.web>
and here im trying the IsUserInRole 在这里我正在尝试IsUserInRole
protected void Login2_LoggingIn(object sender, LoginCancelEventArgs e)
{
if (Roles.IsUserInRole("Students"))
{
Response.Redirect("../Students/StartPage.aspx");
}
}
Bonus question: I am only able to login with users from the "Users" container ind my AD. 奖励问题:我只能通过广告中“用户”容器中的用户登录。 Why cant i login with a user from a OU some levels down? 为什么我不能从某个级别的OU登录用户?
3 个解决方案
解决方案1
1 2014-01-25 11:10:57
As to your first question, have you already tried to use the group name together with the domain name ie Roles.IsUserInRole(@"DOMAIN\\groupName") ? 关于第一个问题,您是否已经尝试过将组名和域名一起使用,例如Roles.IsUserInRole(@"DOMAIN\\groupName") ?
As to your second question. 至于第二个问题。 I assume that you use ActiveDirectoryMembershipProvider . 我假设您使用ActiveDirectoryMembershipProvider 。 If so, I think that you have a connection string in your web.config (which is used by the provider)and this connection string specifies that the provider should use Users container. 如果是这样,我认为您的web.config中有一个连接字符串(供提供者使用),并且此连接字符串指定提供者应使用Users容器。 However, you don't have to specify the concrete conatainer (for details see this site ). 但是,您不必指定具体的容器(有关详细信息,请参见本网站 )。 For example instead of: 例如,代替:
LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com
You can use: 您可以使用:
LDAP://testdomain.test.com LDAP://testdomain.test.com
解决方案2
1 已采纳 2014-01-25 14:05:38
From your description, you appear to be using Forms Authentication with ActiveDirectoryMembershipProvider for authentication. 从您的描述中,您似乎正在使用带有ActiveDirectoryMembershipProvider表单身份验证进行身份验证。
This is not compatible with WindowsTokenRoleProvider . 这与WindowsTokenRoleProvider不兼容。 To use WindowsTokenRoleProvider , which exposes roles based on Windows group membership, you need to be using Windows authentication. 要使用WindowsTokenRoleProvider ,它基于Windows组成员身份公开角色,您需要使用Windows身份验证。
解决方案3
0 2015-03-13 16:37:00
Make sure you Remove: 确保删除:
<authentication mode="Forms">....</authentication>
then you can alternatively use: 那么您也可以使用:
User.IsInRole("Students");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.