堆栈内存溢出
  简体   繁体   English

具有自定义角色和Active Directory的ASP MVC 5 Windows身份验证

[英]ASP MVC 5 Windows authentication with custom roles and Active Directory

 原文  2016-06-17 09:25:59       asp.net-mvc/ active-directory/ authorization/ windows-authentication/ user-roles

问题描述

I have an MVC 5 application set up with windows authentication and my own custom roles table for authorization. 我有一个MVC 5应用程序,该应用程序设置了Windows身份验证和我自己的自定义角色表以进行授权。 This works fine if the user exists in my application database - username in my users table maps to the usernames in active directory. 如果用户存在于我的应用程序数据库中,则此方法很好-我的用户表中的用户名映射到活动目录中的用户名。

My question is how do I keep my users table in sync with active directory. 我的问题是如何使我的用户表与活动目录保持同步。 Any time a new user is hired, a new record has to be added to my intranet application to ensure this user has access to it. 每当雇用新用户时,都必须将新记录添加到我的Intranet应用程序中,以确保该用户可以访问它。

Is there a way to load users from active directory into my own users table perhaps with some kind of scheduled job or is there a better way to achieve what I'm trying to do? 是否可以通过某种计划的作业将用户从活动目录加载到我自己的用户表中,或者有更好的方法来实现我要执行的操作?

2 个解决方案

解决方案1
 0  2016-06-17 10:38:11

I think sync two database instances (AD database and you app database) will become management issue as your business grow. 我认为随着业务的增长,同步两个数据库实例(AD数据库和您的应用程序数据库)将成为管理问题。 Even, adding new user and removing is day to day work, so in both cases you need to execute some sort of action to add or remove users from your app database. 甚至添加和删除用户都是日常工作,因此在两种情况下,您都需要执行某种操作以从应用程序数据库中添加或删除用户。

Why don't you ask your team to give you access of AD database and consume this into your intranet app, this is what I was using in my past organization and this works great. 您为什么不要求您的团队为您提供AD数据库的访问权限,并将其用于您的Intranet应用程序,这就是我在过去的组织中使用的,并且效果很好。

解决方案2
 0  2016-06-17 10:45:09

The AD can be used in a programmatic manner. 可以以编程方式使用AD。 Just look for LDAP stuff and you'll find lots of examples. 只需查找LDAP内容,您就会发现很多示例。 Here's one to get you started : Connect to Active Directory via LDAP 这是一个入门的方法: 通过LDAP连接到Active Directory

If your application allows people to register then implement your own custom membership provider which talks to the AD. 如果您的应用程序允许人们注册,则实施您自己的与AD对话的自定义成员资格提供程序。 You can create the users in the AD, you will have to pass the password requirements which are set on the AD as well, which is more than likely a good thing. 您可以在AD中创建用户,还必须传递在AD上设置的密码要求,这很可能是一件好事。 The roles information can be stored there as well, no need for a local custom roles table either. 角色信息也可以存储在此处,也不需要本地自定义角色表。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 MVC 5中用于Active Directory身份验证的自定义角色 - Custom roles in MVC 5 for Active Directory authentication 具有自定义角色的ASP.NET MVC和Windows身份验证 - ASP.NET MVC and Windows Authentication with custom roles 使用Windows身份验证和活动目录组作为角色 - using windows authentication with active directory groups as roles ASP.NET MVC 5:应用程序池,Windows身份验证和Active Directory - ASP.NET MVC 5: App Pool, Windows Authentication and Active Directory ASP.NET MVC 4,Windows身份验证和Active Directory - ASP.NET MVC 4, Windows Authentication and Active Directory ASP.NET 5用于Windows身份验证的自定义角色 - ASP.NET 5 Custom roles for Windows Authentication Active Directory中的ASP.NET MVC3 Windows身份验证要求 - ASP.NET MVC3 Windows Authentication require from Active Directory ASP.Net MVC 4管理角色-Windows身份验证 - ASP.Net MVC 4 Manage Roles - Windows Authentication 使用自定义身份验证时,ASP.NET MVC分配角色 - ASP.NET MVC Assign Roles when using custom authentication 存储在数据库中的MVC 4应用程序,Windows身份验证和自定义角色 - MVC 4 Application, Windows Authentication, and Custom roles stored in a database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM