Active Directory中的ASP.NET MVC3 Windows身份验证要求
[英]ASP.NET MVC3 Windows Authentication require from Active Directory
问题描述
I'm looking to create a site that will utilize our Active Directory login system. 
我正在寻找一个将利用我们的Active Directory登录系统的站点。 So in an experiment, I created a project with Windows Authentication and tried logging in from other locations. 因此,在一个实验中,我使用Windows身份验证创建了一个项目,并尝试从其他位置登录。 One machine used my user I was logged in. That's great. 一台机器使用了我登录的用户。太好了。 I logged in from a Mac, it asked me to authenticate. 我从Mac登录,它要求我进行身份验证。 Excellent. 优秀的。
My concern however, is logging in from a computer that isn't logged in as an AD user (and instead as a local admin user). 但是,我担心的是从不是以AD用户(而非本地admin用户)身份登录的计算机登录。 So instead of the user being displayed as AD(USER) it is MACHINE\\USER. 因此,不是将用户显示为AD(USER),而是MACHINE \\ USER。
Is there any way to require my application to have authenticated users from solely the AD space? 有什么方法可以要求我的应用程序仅具有来自AD空间的经过身份验证的用户? Or am I better off making my own authentication logic? 还是我最好自己制定身份验证逻辑?
And in a side subject (I haven't done any searching on it, so feel free to avoid this question), is there a way to permit only a certain group of AD users from accessing the website? 在附带主题中(我尚未对其进行任何搜索,因此可以避免这个问题),是否有办法仅允许特定的AD用户组访问该网站?
(Please note I'm new to both AD and ASP so if I'm simply missing certain terms I'd be glad to do more research) (请注意,我是AD和ASP的新手,因此,如果我只是缺少某些术语,将很乐意进行更多研究)
Thanks! 谢谢!
1 个解决方案
解决方案1
1 已采纳 2012-09-18 23:27:27
That awkward moment when you ask for help, do a bit more searching and answer it yourself. 当您寻求帮助的尴尬时刻,请多做一些搜索并自己回答。
http://bytes.com/topic/asp-net/answers/343407-using-web-config-allow-access-domain-users-only http://bytes.com/topic/asp-net/answers/343407-using-web-config-allow-access-domain-users-only
So I did this: 所以我这样做:
<authorization>
<allow roles="AD\Group.Name" />
<deny users="?" />
<deny users="*" />
</authorization>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.