Automatic or manual Active Directory authentication in asp.net mvc

I'm working on an asp.net mvc web app that is supposed to:

  1. Automatically login someone if they are a valid user in Active Directory.
  2. If the client is outside of the network (they're at home or whatever), allow them to manually login with their AD credentials through a login form.

I'm very new to AD authentication, I'm confused as to if I should be using Forms Authentication or Windows Authentication.

I have this in my web.config:

 <add name="ADConnect" connectionString="LDAP://[something]/CN=dhr,DC=[something],DC=net"  />

If I set: <authentication mode="Windows"> I can check User.Identity.IsAuthenticated in the controller to determine if they're logged in. If they're not, am I supposed to use this?:

 Membership.ValidateUser("someguy", "somepass");

I get an error about making a secure connection to the server if I run the above. I have this as my provider:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <clear />
    <add name="AspNetActiveDirectoryMembershipProvider" 
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConnect" attributeMapUsername="sAMAccountName"
         />

  </providers>
</membership>

Typically, network administrators prevent web applications that use Windows authentication from being exposed to the internet for security reasons. This is definitely possible, but you need to make sure that the second scenario is valid and possible in your organization. A common scenario to connect from the internet is to use a VPN, which will log you in to the network (meaning you will be authenticated against AD).

To perform only authentication for the first scenario you do not need the AspNetActiveDirectoryMembershipProvider. Authentication (validation of user identity) usually only needs to be set:

  • in web.config: authentication mode="Windows" and authorization
  • on IIS: set integrated windows authentication to ON
  • on IIS: if you have the second scenario (or if you have different domains, etc) keep anonymous access as ON - it should prompt with the standard login prompt; otherwise set it OFF
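
As an added illustration (not part of the original answer), the settings listed above for the first scenario could look like this in web.config on IIS 7 or later. It shows the intranet-only case with anonymous access off, and it assumes the server allows the system.webServer authentication sections to be overridden per site; they are locked by default, in which case the same two switches are set in IIS Manager instead.

```xml
<configuration>
  <system.web>
    <!-- ASP.NET takes the identity IIS has already authenticated;
         User.Identity.IsAuthenticated is then true for domain users. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous users: reject any request without an identity. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <system.webServer>
    <security>
      <authentication>
        <!-- Integrated Windows authentication ON. -->
        <windowsAuthentication enabled="true" />
        <!-- Anonymous access OFF for the intranet-only case. -->
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

No membership provider or LDAP connection string is involved in this setup, which matches the answer's point that AspNetActiveDirectoryMembershipProvider is not needed for the first scenario.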
