ASP.NET手动用户身份验证
[英]ASP.NET Manual user authentication
问题描述
I am working for the DOD. 
我正在为国防部工作。 The application they have requested is web based, and will be on their internal network. 他们请求的应用程序基于Web,并且将在其内部网络上。 The request is for CAC authentication, which is easy enough... The remaining problem is authenticating a user. 该请求用于CAC身份验证,这很容易。...剩下的问题是对用户进行身份验证。 The CAC authentication is happening at the IIS level, so by the time the user gets to the application, all I am doing (or had planned on doing) is checking the ID on the CAC, and comparing it to a user table in the database. CAC身份验证是在IIS级别上进行的,因此,当用户进入应用程序时,我正在做的(或计划做的)是检查CAC上的ID,并将其与数据库中的用户表进行比较。 。 If the user exists (and has been approved), then they are off and running in the system. 如果该用户存在(并且已被批准),那么他们将关闭并在系统中运行。 If they do not exist, then they are pushed to the registration screen. 如果不存在,则将它们推送到注册屏幕。
Given my lack of experience with web development, I am unsure if I need to actually authenticate the user in some way beyond the CAC authentication, or if I can just manually assign roles to the user and let the roles dictate what can or cannot be done in the application. 鉴于我缺乏Web开发经验,因此我不确定是否需要通过CAC身份验证之外的某种方式对用户进行实际身份验证,或者我是否可以手动将角色分配给用户并让角色决定可以执行或不能执行的操作在应用程序中。 Windows authentication is not an option; Windows身份验证不是一种选择。 while this application is internal for the military, it is accessible from different mil networks. 虽然此应用程序是军事内部使用的,但可以从不同的军事网络访问。
If I do indeed need to authenticate a user... this is where I run into trouble. 如果确实需要对用户进行身份验证...这就是我遇到的麻烦。 I have not found anything that says there is a way to manually authenticate a user. 我还没有发现任何可以手动验证用户身份的方法。 I could use the standard ASP tables in the database, but it seems... messy... to include things that won't be used (meaning the password field would always be an empty string - why include it in the db if it isn't being used?). 我可以在数据库中使用标准的ASP表,但似乎...很杂乱...包括了不会使用的内容(这意味着密码字段始终为空字符串-如果将其包含在数据库中,为什么要包含它没有被使用?)。
Thanks in advance for any help... If there's links to where I can read more about the authentication process, those would be very much appreciated as will. 在此先感谢您的帮助...如果有指向我可以阅读有关身份验证过程的更多信息的链接,将非常感谢您。
1 个解决方案
解决方案1
0 已采纳 2015-08-28 18:04:06
I'm working on several DOE projects that use the same idea. 我正在使用相同想法的几个DOE项目中。 What we normally do for web applications is to enable Windows authentication on the app. 我们通常对Web应用程序执行的操作是在应用程序上启用Windows身份验证。 This will allow pass-through of user credentials and keep out anyone without credentials. 这将允许传递用户凭据,并将没有凭据的任何人拒之门外。
I also like to add role based authorization into the mix and then use AD groups to allow/deny users on specific apps. 我还喜欢将基于角色的授权添加到组合中,然后使用AD组来允许/拒绝特定应用程序上的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.