
What is the best way to store a reference to an AD group?

I'm writing an intranet application for a client and I want to give them the ability to configure, through an admin interface, which users and user groups can access certain areas. What I'd like to know is the best way of storing the reference to the user or group that is assigned to an area of the intranet.

Should I be using the domain\username and domain\groupname strings, or should I perhaps be using the fully qualified AD name, i.e. ou=computer room;cn=blah etc.?

I will be storing the reference in SQL.

Personally, I believe that the "Domain\Username" format is sufficiently readable.

Also, if you were editing the SQL table directly, you could pretty easily insert a record for a user for testing or debugging purposes.

If you want to be absolutely sure you have the right user / group, you could use the SID (the security identifier that exists on any object in Active Directory that can be assigned permissions, and it's a GUID).

I am not sure what the context of the application is, but perhaps look at using Active Directory security to stop users from going to places they should not be going, or if it is not a high volume site, some of that could perhaps be done with integrated authentication, and doing the security validation on SQL.

I have had frustrations with LDAP queries and AD, as different domain controllers can sometimes give different answers, or not even find the object, or require you to log in before you can query AD.

I would use domain\group in case the group gets moved or deleted/recreated. Using CN is brittle in the face of changes to the OU structure. SIDs are not human readable and will break if the object is deleted/recreated.
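
An added example, not part of the original thread: one way to store the SID option discussed above in SQL while keeping a readable domain\group name beside it as a display cache, so the access check never depends on the name. The table, column, area, domain and group names are hypothetical, and the SIDs are constructed sample values.

```python
import sqlite3
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (as in AD's objectSid attribute) to S-1-... text."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def open_store() -> sqlite3.Connection:
    # Hypothetical schema: the SID is the reference, the name is a display cache.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE area_access (
        area          TEXT NOT NULL,
        principal_sid TEXT NOT NULL,
        display_name  TEXT NOT NULL,
        PRIMARY KEY (area, principal_sid))""")
    return db

def grant(db, area: str, raw_sid: bytes, display_name: str) -> None:
    db.execute("INSERT INTO area_access VALUES (?, ?, ?)",
               (area, sid_to_string(raw_sid), display_name))

def can_access(db, area: str, token_sids) -> bool:
    """token_sids: binary SIDs of the signed-in user and the groups they belong to."""
    wanted = [sid_to_string(s) for s in token_sids]
    if not wanted:
        return False
    marks = ",".join("?" * len(wanted))
    row = db.execute(
        f"SELECT 1 FROM area_access WHERE area = ? AND principal_sid IN ({marks})",
        [area, *wanted]).fetchone()
    return row is not None

def make_sid(*subs: int) -> bytes:
    # Constructed sample data: NT authority (5) with the given sub-authorities.
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

GROUP = make_sid(21, 1111111111, 2222222222, 3333333333, 1105)  # constructed
USER = make_sid(21, 1111111111, 2222222222, 3333333333, 1234)   # constructed

if __name__ == "__main__":
    db = open_store()
    grant(db, "finance", GROUP, "CORP\\Intranet-Finance")
    print(sid_to_string(GROUP), can_access(db, "finance", [USER, GROUP]))
```
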
