Working ActiveDirectoryMembershipProvider in Classic Cloud Services but does not work on Azure Web App
We have a working ASP.NET Web Application (.NET Framework, not Core) on .NET 4.7.2 that was deployed to a classic Cloud Service. We are trying to deploy it to Azure App Services. The majority of the existing functionality is working well so far. Unfortunately, we are having trouble getting the ActiveDirectoryMembershipProvider working as part of FormsAuthentication.
Our LDAP is hosted in AWS and will be accessed by IP address. For debugging purposes we try it on unsecured LDAP (port 389). We can reach the LDAP from the machine, and we can get the group memberships of the test LDAP user. However, using the built-in ActiveDirectoryMembershipProvider we're getting the error below:
Exception type System.Configuration.ConfigurationErrorsException
Exception message Access is denied.
(D:\home\site\wwwroot\web.config line 242) <--- Access is denied.
System.Configuration.ConfigurationErrorsException: Access is denied.
(D:\home\site\wwwroot\web.config line 242) ---> System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.ActiveDirectory.DirectoryContext.IsContextValid(DirectoryContext context, DirectoryContextType contextType)
at System.DirectoryServices.ActiveDirectory.DirectoryContext.isDomain()
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at System.Web.Security.DirectoryInformation.InitializeDomainAndForestName()
at System.Web.Security.ActiveDirectoryMembershipProvider.Initialize(String name, NameValueCollection config)
at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
--- End of inner exception stack trace ---
at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
at System.Web.Configuration.ProvidersHelper.InstantiateProviders(ProviderSettingsCollection configProviders, ProviderCollection providers, Type providerType)
at System.Web.Security.Membership.InitializeSettings(Boolean initializeGeneralSettings, RuntimeConfig appConfig, MembershipSection settings)
at System.Web.Security.Membership.Initialize()
at System.Web.Security.Membership.get_Provider()
at System.Web.Security.Membership.ValidateUser(String username, String password)
at <ASPX METHOD>:.ValidateUser(String username, String password) in <ASPX CODEBEHIND>:line 56
at <ASPX METHOD>(Object sender, EventArgs e) in <ASPX CODEBEHIND>::line 26
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.<ASPX CODEBEHIND>:.ProcessRequest(HttpContext context) in d:\local\Temporary ASP.NET Files\root\0a1c09b7\daf71945\App_Web_ahzd2zi1.4.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.<ExecuteStepImpl>b__0()
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.<Invoke>b__0()
at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step)
at System.Web.HttpApplication.<>c__DisplayClass284_0.<OnExecuteRequestStep>b__0(Action nextStepAction)
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The membership config is as follows:
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear />
    <add name="MyADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName"
         connectionUsername="<DOMAIN>\<USERNAME>"
         connectionPassword="<PASSWORD>" />
  </providers>
</membership>
The connection string is:
<add name="ADConnectionString" connectionString="LDAP://<IPADDRESS>:<PORT>/DC=<DOMAIN>,DC=local" />
Can't seem to find anything that would indicate that there is something different when running it in Azure. Any insight is appreciated.
Azure App Services do not work with Active Directory. You may want to explore Azure Active Directory.
LDAP will not work on Cloud directly. You will have to use Azure AD Domain Services - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/configure-ldaps
Also, App Services is a sandboxed environment.
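The settings this thread touches on (bind credentials kept in web.config, plain LDAP on port 389, a directory server addressed by IP) can be checked mechanically before a configuration like the question's leaves a debugging setup. The following is an added example, not code from the original posts; the sample web.config values, the finding texts and the function name `audit_ad_membership` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the question's web.config; all values are placeholders.
SAMPLE_WEB_CONFIG = r"""<configuration>
 <connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://192.0.2.10:389/DC=example,DC=local" />
 </connectionStrings>
 <system.web><membership defaultProvider="MyADMembershipProvider"><providers>
  <clear />
  <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider"
       connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName"
       connectionUsername="EXAMPLE\svc-ldap" connectionPassword="constructed-placeholder" />
 </providers></membership></system.web>
</configuration>"""

AD_PROVIDER = "System.Web.Security.ActiveDirectoryMembershipProvider"
LDAP_URL = re.compile(r"^LDAP://(?P<host>[^:/]+)(?::(?P<port>\d+))?", re.I)

def audit_ad_membership(xml_text):
    """Return a list of (provider_name, finding) tuples for AD membership providers."""
    root = ET.fromstring(xml_text)
    conn = {a.get("name"): a.get("connectionString", "")
            for a in root.findall("./connectionStrings/add")}
    findings = []
    for p in root.findall("./system.web/membership/providers/add"):
        if not p.get("type", "").startswith(AD_PROVIDER):
            continue  # some other membership provider
        name = p.get("name")
        if p.get("connectionPassword"):
            findings.append((name, "bind password stored inline in web.config"))
        # connectionProtection defaults to "Secure" when the attribute is absent
        if p.get("connectionProtection", "Secure").lower() == "none":
            findings.append((name, "connectionProtection is None"))
        m = LDAP_URL.match(conn.get(p.get("connectionStringName"), ""))
        if m is None:
            findings.append((name, "connection string missing or not an LDAP URL"))
            continue
        if (m.group("port") or "389") != "636":
            findings.append((name, "directory port is not LDAPS (636)"))
        if re.fullmatch(r"[\d.]+", m.group("host")):
            findings.append((name, "server addressed by IP literal"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_ad_membership(SAMPLE_WEB_CONFIG):
        print(f"{name}: {finding}")
```

The IP-literal finding matters once LDAPS is switched on, because a certificate issued to a host name will not match a connection made to a bare address.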