

Asp.net MVC 3 Windows Authentication with Login form

I have already created a forms authentication application. I had a User table and created a custom membership provider. My User table has relations with other tables such as roles and permissions.

  1. I changed that to work using Windows Authentication. It looks easy, but I have no clue how to still be able to read permissions from my tables. Some tables are related to the User table and require a user id; what to do here? Should I break the foreign key?

  2. If a user is accessing the page from the LAN, s/he should get logged in automatically, but if they access the application over the internet, I should allow them to log in? How to do this? What passwords should they use to log in (Active Directory or my User table)?

I hope I get simple and easy answers.

Regards

If you use Windows authentication, the user is going to be prompted for credentials just to access your site. You won't be able to prevent that. They won't even get to your code until they are authenticated.

We've done similar things using SSO (single sign-on), though I've never tied it to Windows authentication. The idea would be that you have two apps that share user credentials and, if you are logged into one, you are logged into the other. The first app would be your normal application which supports forms-based authentication. The second would be an app that only does Windows authentication and then, upon successful login, redirects to your normal application. Since you're already authenticated, the normal application simply creates its standard authentication cookie and takes you to the main page of the application.

Typically these work by passing a token in the URL which you can then redeem via a back channel to the SSO server (or, in your case, the Windows authentication server) to confirm that the token is authentic. The response to the back channel call contains the user name and other pertinent details if the token is successfully redeemed.

A sketch of the process might look like:

  1. Get request to protected action on site.
  2. If not authenticated, redirect to login site without token.
    • Your login site contains both a forms-based login form and a link to the Windows authentication url.
  3. User clicks the Windows authentication url.
  4. Windows authentication site authenticates, creates a one-time use token in DB for user, and redirects back to your login action with token.
  5. Your login action redeems the token via back channel WebRequest to the Windows authentication server.
  6. Windows authentication server validates the token, marking it as used, then returns the username to your login action.
  7. Your login action creates standard forms authentication cookie and continues as normal.
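
Sketched below, as an added example that is not from the original answer, is what the token hand-off in steps 4 to 7 could look like in ASP.NET MVC 3 (C#). All names are assumptions: OneTimeTokenStore, WindowsLoginController, the AccountController.WindowsCallback action, the existing Login action it falls back to, and the two example hostnames. The answer stores tokens in a database table; a process-local dictionary stands in for that table here. The two controllers belong to two different sites and are shown in one file only for brevity.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net;
using System.Security.Cryptography;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical store for the one-time tokens of step 4. The answer keeps them in
// a DB table; a process-local dictionary stands in for that table here.
public static class OneTimeTokenStore
{
    private class Entry { public string UserName; public DateTime ExpiresUtc; }

    private static readonly ConcurrentDictionary<string, Entry> Tokens =
        new ConcurrentDictionary<string, Entry>();
    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(60);

    // Issue a 256-bit random, short-lived token bound to the Windows user name.
    public static string Issue(string userName)
    {
        var bytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        var token = HttpServerUtility.UrlTokenEncode(bytes);
        Tokens[token] = new Entry { UserName = userName, ExpiresUtc = DateTime.UtcNow.Add(Lifetime) };
        return token;
    }

    // Redeem at most once: TryRemove takes the entry out atomically, so a replayed
    // token finds nothing. Returns null for unknown, already used or expired tokens.
    public static string Redeem(string token)
    {
        Entry entry;
        if (string.IsNullOrEmpty(token) || !Tokens.TryRemove(token, out entry)) return null;
        return entry.ExpiresUtc < DateTime.UtcNow ? null : entry.UserName;
    }
}

// Lives on the site that runs under Windows authentication only (hypothetical name).
public class WindowsLoginController : Controller
{
    // A configured constant, not read from the request, so the token can only
    // ever be sent back to your own login site.
    private const string FormsSiteCallback = "https://forms-site.example/Account/WindowsCallback";

    // Step 4: IIS has already authenticated the caller, so User.Identity.Name is
    // the AD account. Issue a token for it and send the browser back with it.
    [Authorize]
    public ActionResult Index()
    {
        var token = OneTimeTokenStore.Issue(User.Identity.Name);
        return Redirect(FormsSiteCallback + "?token=" + HttpUtility.UrlEncode(token));
    }

    // Steps 5 and 6: back-channel endpoint called by the forms site's server, not
    // by the browser. Restrict it to that server in IIS (IP filter or the forms
    // site's service account); that configuration is outside this example.
    public ActionResult Redeem(string token)
    {
        var userName = OneTimeTokenStore.Redeem(token);
        if (userName == null) return new HttpStatusCodeResult(403);
        return Content(userName, "text/plain");
    }
}

// Lives on your normal forms-authentication site (hypothetical action name).
public class AccountController : Controller
{
    private const string RedeemUrl = "https://windows-site.example/WindowsLogin/Redeem";

    // Step 7: redeem the token server-to-server, then issue the usual forms cookie.
    public ActionResult WindowsCallback(string token)
    {
        if (string.IsNullOrEmpty(token)) return RedirectToAction("Login");

        string userName;
        using (var client = new WebClient())
        {
            // Authenticate to the Windows site as this application's pool identity.
            client.UseDefaultCredentials = true;
            try
            {
                userName = client.DownloadString(RedeemUrl + "?token=" + HttpUtility.UrlEncode(token));
            }
            catch (WebException)
            {
                // 403 from Redeem: unknown, expired or already used. Show the form instead.
                return RedirectToAction("Login");
            }
        }

        // Look up your own user record by the AD name here (an ADUsername column)
        // to load roles and permissions, then sign in with the normal forms cookie.
        FormsAuthentication.SetAuthCookie(userName, false);
        return RedirectToAction("Index", "Home");
    }
}
```

The properties worth checking in any real implementation are the ones the store enforces: the token is unguessable, it expires after a minute, and it is removed on first redemption so a replayed or leaked token is useless. The redirect target is a constant rather than a parameter, and the browser never learns the user name from the redeem step; only the server-to-server call does.
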

  1. In your controllers you can use User.Identity.Name to get the user's AD username. You can then add a field to your users table called ADUsername (or update the values in the existing username field) so that you can link the logged-in user to the existing user record in your database.

  2. You don't have to do anything; if the user is accessing it from an external network or any machine that is not on the domain, the browser will pop up a username/password prompt.
