
custom membership with existing aspnet Role provider?

We currently have an application which has been in production for a few years. It was built using .Net 3.5 and used the aspnet membership provider to handle user authentication, creation and role management. Recently we received requests to put in a few upgrades to the application, and in the process we moved it to Visual Studio 2013, .Net 4.5. One of the upgrades requested was to use our company's LDAP for authentication. Is this possible? We did not want to rebuild the authentication/authorization/roles piece; can we leave the roles part and change the authentication/authorization parts only? Currently we have the following in our web.config:

<roleManager enabled="true" />
<compilation debug="true" targetFramework="4.5">
  <assemblies> ... </assemblies>
</compilation>
<!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. -->
<authentication mode="Forms">
  <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="30" requireSSL="false" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" defaultUrl="default.aspx" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>
<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
    <add name="PasswordResetMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
  </providers>
</membership>

The existing active directory membership provider should do fine

http://msdn.microsoft.com/pl-pl/library/system.web.security.activedirectorymembershipprovider(v=vs.110).aspx

As for roles, as far as I know there is no built in AD role provider but there was a project that aimed to create it:

http://adrp.codeplex.com

Another approach would be to switch to federated authentication. This still means that you don't need any changes to your code except for the login part, but the benefit is that you have single sign-on for multiple applications, some of which don't even have to be .NET-based. It means that users log in only once and the authentication flow passes user information, including roles, to the requesting application.

If you decide to follow this, read about ADFS2.0 and claims-based security.
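As an added illustration of the first suggestion (not part of the original question or answer), this web.config fragment swaps only the membership provider for `ActiveDirectoryMembershipProvider` and leaves the existing SQL-backed `roleManager` line untouched. The connection string name `ADConnection`, the provider name `ADMembershipProvider` and the LDAP path are placeholders, and `requireSSL="true"` assumes the site is served over HTTPS.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder LDAP path (assumption): point this at your own directory container -->
    <add name="ADConnection"
         connectionString="LDAP://dc.example.com/OU=Users,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <!-- Unchanged from the question: role data stays in the existing SQL role store -->
    <roleManager enabled="true" />

    <authentication mode="Forms">
      <!-- requireSSL="true": directory passwords are now posted to login.aspx, so the
           forms ticket cookie should only ever travel over HTTPS -->
      <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="30"
             requireSSL="true" slidingExpiration="true" cookieless="UseCookies"
             enableCrossAppRedirects="false" defaultUrl="default.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <!-- No connectionUsername/connectionPassword: the provider binds as the
             application's process identity, so no service password sits in this file.
             connectionProtection="Secure" refuses an unprotected bind to the directory.
             attributeMapUsername selects which AD attribute is the login name. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnection"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The SQL role provider looks roles up by user name, so existing role assignments only carry over for accounts whose directory login name matches the user name already stored in the SQL membership database.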
