Active Directory与本地帐户身份验证
[英]Active Directory vs Local Account Authentication
问题描述
We have developed an app in .Net. 
我们已经在.Net中开发了一个应用程序。 There is a common login page for all users. 所有用户都有一个通用的登录页面。 Some accounts in the app are set up to authentiate against Active Directory. 该应用程序中的某些帐户设置为针对Active Directory进行身份验证。 Other accounts use a local account to login in (the username and account is stored in the user store of the app). 其他帐户使用本地帐户登录(用户名和帐户存储在应用程序的用户存储中)。 When a user logs in, how can we differentiate whether the user is authenticating with their AD credentials or if it's a local account. 当用户登录时,我们如何区分用户是使用其AD凭据进行身份验证还是本地帐户。 Local account / username is normally the user's email address. 本地帐户/用户名通常是用户的电子邮件地址。
2 个解决方案
解决方案1
0 2014-04-19 00:27:48
The simplest solution is to require users use their full username. 最简单的解决方案是要求用户使用其完整的用户名。 So AD users would either use username@domain.tld or DOMAIN\\username and local account users would not. 因此,AD用户将使用username@domain.tld或DOMAIN\\username而本地帐户用户则不会。 You would then parse the username and based on the prefix or trailing domain, determine which MembershipProvider to use to authenticate. 然后,您将解析用户名,并基于前缀或结尾域,确定要使用哪个MembershipProvider进行身份验证。
解决方案2
0 2014-04-23 10:05:10
You should just prioritize one over the other and then check each user database in that order. 您应该只优先一个优先,然后按该顺序检查每个用户数据库。 So if you prioritize your local users then just check if the username is a valid local user, if its not then check it against AD. 因此,如果您优先考虑本地用户,则只需检查用户名是否为有效的本地用户,如果不是,则对照AD进行检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.