[英]ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?
Very simple question actually: 实际上很简单的问题:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. 我目前禁用了IIS匿名访问,用户使用Windows登录自动登录。 However calling User.IsInRole("Role name") returns false.
但是,调用User.IsInRole(“Role name”)将返回false。 I double-checked User.Identity.Name() and the "Role name" and it should return true.
我仔细检查了User.Identity.Name()和“角色名称”,它应该返回true。
I currently have this in my Web.Config: 我目前在我的Web.Config中有这个:
UPDATE UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\\Role name") 我在调用User.IsInRole(“角色名称”),我应该调用User.IsInRole(“DOMAIN \\ Role name”)
However I still like to know if the <membership> entry is needed at all? 但是我仍然想知道是否需要<membership>条目?
What should I change? 我应该改变什么? ( and is the <membership> entry needed at all? )
( 是否需要<membership>条目? )
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXX\specialAdUser"
connectionPassword="xx"
/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
<providers>
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, ie DOMAIN\\groupName. 如果您使用Windows身份验证,IsInRole将无需额外配置,只要您记得在角色前加上域名,即DOMAIN \\ groupName。
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application. 此外,您可以自己角色(双关语)并使用Windows身份验证,例如,SQL角色提供程序,您不希望您的AD充斥着应用程序的自定义角色。
So no, you don't need the provider configuration at all. 所以不,您根本不需要提供程序配置。
The membership provider here isn't going to help. 这里的会员提供者不会提供帮助。 The ActiveDirectoryMembershipProvider seems to best(only?) fit with Forms authentication.
ActiveDirectoryMembershipProvider似乎最适合(仅?)适合Forms身份验证。
BlogEngine.NET具有Active Directory角色提供程序 。
非常肯定你需要的唯一东西是roleManager组(以及基本身份验证模式='windows'设置)
Out of the box, there's no role provider to use Active Directory directly. 开箱即用,没有角色提供程序直接使用Active Directory。 You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
您可以在ASP.NET成员资格和角色系统中使用角色表,也可以使用授权管理器(AzMan)。
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. 有一篇关于CodeProject的文章,它展示了一个针对Active Directory的角色提供程序的实现 - 具有完整的源代码。 Maybe this helps?
也许这有帮助吗?
Marc 渣
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.