
ASP.NET Active Directory role provider

This is my first time working with ASP.NET Role membership in Active Directory.

So far I've got a website running, and I'm able to log in with an Active Directory user.

My problem is: I can't get "Roles.IsUserInRole" to trigger. It's like it doesn't even look at the logged in user for group memberships.

I have been searching for a solution, but the only solution I can find is to write my own membership provider. Is this really necessary?

I want to control what the users can access with their memberships. Like if a user is in the "students" security group in the AD then they can only access pages in a student folder in my ASP.NET solution.

I am using Forms authentication.

Here is a sample of my web.config for my role manager:

    <system.web>
      <roleManager defaultProvider="WindowsProvider"
                   enabled="true"
                   cacheRolesInCookie="false">
        <providers>
          <add
            name="WindowsProvider"
            type="System.Web.Security.WindowsTokenRoleProvider" />
        </providers>
      </roleManager>
    </system.web>

And here I'm trying the IsUserInRole:

    protected void Login2_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        if (Roles.IsUserInRole("Students"))
        {
            Response.Redirect("../Students/StartPage.aspx");
        }
    }

Bonus question: I am only able to log in with users from the "Users" container in my AD. Why can't I log in with a user from an OU some levels down?

As to your first question, have you already tried to use the group name together with the domain name, i.e. `Roles.IsUserInRole(@"DOMAIN\groupName")`?

As to your second question: I assume that you use ActiveDirectoryMembershipProvider. If so, I think that you have a connection string in your web.config (which is used by the provider) and this connection string specifies that the provider should use the Users container. However, you don't have to specify the concrete container (for details see this site). For example, instead of:

    LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com

You can use:

    LDAP://testdomain.test.com

From your description, you appear to be using Forms Authentication with ActiveDirectoryMembershipProvider for authentication.

This is not compatible with WindowsTokenRoleProvider. To use WindowsTokenRoleProvider, which exposes roles based on Windows group membership, you need to be using Windows authentication.

Make sure you remove:

    <authentication mode="Forms">....</authentication>

Then you can alternatively use:

    User.IsInRole("Students");
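A web.config sketch of the setup the answers above describe, added here as an example and not taken from any of the posts: Windows authentication with WindowsTokenRoleProvider, plus a folder-level authorization rule so that only members of the AD group can reach the Students folder. `DOMAIN` is a placeholder for the NetBIOS domain name, and the `Students` path and group name are assumed from the question.

```xml
<configuration>
  <system.web>
    <!-- Windows authentication: IIS authenticates the caller and hands ASP.NET
         a Windows token, which WindowsTokenRoleProvider reads group membership from.
         In IIS, Windows Authentication must be enabled and Anonymous disabled. -->
    <authentication mode="Windows" />

    <roleManager defaultProvider="WindowsProvider"
                 enabled="true"
                 cacheRolesInCookie="false">
      <providers>
        <add name="WindowsProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>

    <!-- Site-wide default: reject unauthenticated (anonymous) requests. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder-level rule for ~/Students (path assumed from the question).
       Rules are evaluated top-down and the first match wins, so the allow
       must come before the catch-all deny. -->
  <location path="Students">
    <system.web>
      <authorization>
        <!-- DOMAIN is a placeholder; Windows groups are named DOMAIN\group. -->
        <allow roles="DOMAIN\Students" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With the rule enforced in configuration, access to the folder is denied by the pipeline itself rather than depending on a redirect in page code.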
