现有aspnet角色提供程序的自定义成员资格?
[英]custom membership with existing aspnet Role provider?
问题描述
We currently have an application which has been in production for a few years, it was build using .Net 3.5 and used aspnet membership provider to handle the user authentication, creation and role management. 
我们目前有一个已经投入生产几年的应用程序,它是使用.Net 3.5构建的,并使用aspnet成员资格提供程序来处理用户身份验证,创建和角色管理。 Recently we received requests to put in a few upgrades to the application, in the process we moved it to Visual Studio 2013, .Net 4.5. 最近,我们收到了对应用程序进行一些升级的请求,在此过程中,我们将其移至了Visual Studio 2013,.Net 4.5。 One of the upgrades requested was to use our company's LDAP for authentication, is this possible? 要求的升级之一是使用我们公司的LDAP进行身份验证,这可能吗? We did not want to rebuild the authentication/authorization/roles piece, can we leave the roles part and change the authentication/authroization parts only? 我们不想重建身份验证/授权/角色部分,我们可以离开角色部分而仅更改身份验证/授权部分吗? Currently we have the following in our web.config 目前,我们的web.config中包含以下内容
<roleManager enabled="true" /> <compilation debug="true" targetFramework="4.5"> <assemblies> ... </assemblies> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Forms"> <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="30" requireSSL="false" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" defaultUrl="default.aspx" /> </authentication> <authorization> <deny users="?" /> </authorization>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
<add name="PasswordResetMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
1 个解决方案
解决方案1
1 已采纳 2014-01-29 15:53:06
The existing active directory membership provider should do fine 现有的活动目录成员资格提供程序应该做得很好
http://msdn.microsoft.com/pl-pl/library/system.web.security.activedirectorymembershipprovider(v=vs.110).aspx http://msdn.microsoft.com/pl-pl/library/system.web.security.activedirectorymembershipprovider(v=vs.110).aspx
As for roles, as far as I know there is no built in AD role provider but there was a project that aimed to create it: 至于角色,据我所知,没有内置的AD角色提供程序,但是有一个旨在创建它的项目:
http://adrp.codeplex.com http://adrp.codeplex.com
Another approach would be to switch to federated authentication. 另一种方法是切换到联合身份验证。 This still makes that you don't need any changes to your code except for the login part but benefit is that you have the single sign-on for multiple applications, some of them don't even have to be .net-based. 这仍然使您除了登录部分外无需对代码进行任何更改,但是好处是您可以针对多个应用程序进行单点登录,其中有些甚至不必基于.net。 It means that users login only once and the authentication flow passes user information, including roles, to requesting application. 这意味着用户仅登录一次,并且身份验证流将包括角色在内的用户信息传递给请求的应用程序。
If you decide to follow this, read about ADFS2.0 and claims-based security. 如果决定遵循此规则,请阅读有关ADFS2.0和基于声明的安全性的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.