
Active Directory Membership Provider - AD Groups / Web.Config not working

I have an ASP.NET/C# application that uses Windows authentication. I'm trying to control permissions based on which AD groups users belong to, but I can't seem to get it to work through the web.config.

I also added some code in the code-behind, and it is acting strangely:

// Diagnostic checks from the code-behind (reported results: the first is false, the second true).
// Role-manager check: resolved through the roleManager provider configured in the
// web.config below (a WindowsTokenRoleProvider), using a bare group name with no domain.
if (Roles.IsUserInRole("STP Admin"))
{
    int j = 1; // placeholder statement, presumably a breakpoint target
}

// Principal check with the DOMAIN\ prefix: this one matches, so group membership is
// being resolved; the difference between the two is the role-name form, not AD connectivity.
if (User.IsInRole(@"DOMAINNAME\STP Admin"))
{
    int i = 1; // placeholder statement, presumably a breakpoint target
}

The first `if` block does not work; however, the second one does. So I believe this tells me the application can communicate with AD, and is doing so.

Here is my web.config, which is where I'd like the authorization rules to live, but it is not granting permissions correctly. It denies me access to the paths even though I am in those groups, as proven by the code above.

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>

    <section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
  </configSections>
  <!-- Enterprise Library logging: the "Audit" category is written to the STPDB database
       through the WriteAuditLog stored procedure; "General", unprocessed categories and
       logging errors go to the Windows Application event log. -->
  <loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
    <listeners>
      <add databaseInstanceName="STPDB" writeLogStoredProcName="WriteAuditLog" addCategoryStoredProcName="AddAuditCategory" formatter="Custom Audit Database Formatter" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Database.Configuration.FormattedDatabaseTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.Database.FormattedDatabaseTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Database Trace Listener"/>
      <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener"/>
    </listeners>
    <formatters>
      <add template="{dictionary({key} - {value})}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Custom Audit Database Formatter"/>
      <add template="Timestamp: {timestamp}&#xA;Message: {message}&#xA;Category: {category}&#xA;Priority: {priority}&#xA;EventId: {eventid}&#xA;Severity: {severity}&#xA;Title:{title}&#xA;Machine: {machine}&#xA;Application Domain: {appDomain}&#xA;Process Id: {processId}&#xA;Process Name: {processName}&#xA;Win32 Thread Id: {win32ThreadId}&#xA;Thread Name: {threadName}&#xA;Extended Properties: {dictionary({key} - {value}&#xA;)}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter"/>
    </formatters>
    <categorySources>
      <add switchValue="All" name="Audit">
        <listeners>
          <add name="Database Trace Listener"/>
        </listeners>
      </add>
      <add switchValue="All" name="General">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </add>
    </categorySources>
    <specialSources>
      <allEvents switchValue="All" name="All Events"/>
      <notProcessed switchValue="All" name="Unprocessed Category">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </notProcessed>
      <errors switchValue="All" name="Logging Errors &amp; Warnings">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </errors>
    </specialSources>
  </loggingConfiguration> 
  <!-- NOTE(review): the SQL credentials are stored in cleartext here (Integrated Security=False
       plus user id/pwd). If these are real values rather than placeholders for the post,
       consider encrypting this section (aspnet_regiis -pe "connectionStrings") or switching
       to a Windows account. STPDB is the instance the database trace listener above uses. -->
  <connectionStrings>
    <add name="STPDB" connectionString="Data Source=server\;Initial Catalog=DB;user id=usr;pwd=pass;Integrated Security=False" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <appSettings>
    <add key="FromEmailAddress" value="stp1@company.com"/>
    <add key="TrainingWarning" value="*Note: Training not being recorded for Medical, ..."/>
    <add key="PrivacyMessage" value="This Information System Is Subject To The Privacy Act Of 1974"/>
  </appSettings>
  <system.web>
    <!-- NOTE(review): debug="true" is a development setting; confirm it is turned off for the deployed site. -->
    <compilation debug="true" targetFramework="4.0" />
    <!-- The application runs with full trust. -->
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal"/>
    </securityPolicy>
    <!-- IIS/Windows authenticates the caller; no forms login is involved. -->
    <authentication mode="Windows"/>
    <!-- Site-wide rules. URL authorization walks these top-down and stops at the first
         match: anonymous users are denied, the three DOMAIN\ groups are allowed, and then
         users="*" allows every remaining authenticated user. So at this level the three
         role lines change nothing; access is really narrowed only in the <location>
         sections below. Note the DOMAIN\ prefix used here, which those sections omit. -->
    <authorization>
      <deny users="?"/>
      <allow roles="DOMAIN\STP Training"/>
      <allow roles="DOMAIN\STP Personnel"/>
      <allow roles="DOMAIN\STP Admin"/>
      <allow users="*"/>
    </authorization>
    <!-- Requests execute under the authenticated caller's Windows identity. -->
    <identity impersonate="true"/>

    <!-- NOTE(review): with authentication mode="Windows" the membership provider is not what
         authenticates users or resolves their groups, so it is unrelated to the failing role
         checks. It is also declared without a connectionStringName, which this provider
         normally expects; confirm whether membership is used at all. -->
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear/>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, 
                 System.Web, Version=4.0.0.0, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <!-- Role checks (Roles.IsUserInRole and the roles= attributes of URL authorization)
         resolve Windows group names through WindowsTokenRoleProvider.
         NOTE(review): defaultProvider names "AspNetWindowsTokenRoleProvider" but the provider
         added here is "WindowsProvider"; there is no <clear/>, so the default presumably
         resolves to the machine-level provider of that name. Either way the group names
         must carry the DOMAIN\ prefix, as the working User.IsInRole(@"DOMAINNAME\STP Admin")
         check in the question shows. -->
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
      </providers>
    </roleManager>

    <!-- securityTrimmingEnabled hides sitemap nodes the caller is not authorized for; any
         roles listed in Web.sitemap presumably need the same DOMAIN\ prefix. -->
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>    

    <!-- NOTE(review): connectionStringName="ApplicationServices" has no matching entry in
         <connectionStrings> above (only STPDB is defined); this would fail the first time
         profile data is accessed. Confirm whether profiles are used. -->
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
        -->

    <!-- Detailed error pages are shown only to local requests; remote callers get ErrorPage.aspx. -->
    <customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx">
    </customErrors>
  </system.web>

  <!-- NOTE(review): these role names lack the DOMAIN\ prefix used in the site-wide rules
       above, so WindowsTokenRoleProvider never matches them and the trailing deny users="*"
       applies to everyone; that is why access is refused. ASP.NET also expects a relative
       virtual path here (for example path="TrainingSec"); confirm that the leading
       backslash is accepted. -->
  <location path="\TrainingSec">
    <system.web>
      <authorization>
        <allow roles="STP Training"/>
        <allow roles="STP Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <!-- NOTE(review): same missing DOMAIN\ prefix as TrainingSec. In addition, the allow for
       "Sentry Admin" sits after deny users="*", so it can never match (first matching rule
       wins); move it above the deny if that group is meant to have access. "Sentry Admin"
       also differs from the "STP Admin" group used everywhere else; confirm it is not a typo. -->
  <location path="\Manage">
    <system.web>
      <authorization>
        <allow roles="STP Training"/>
        <deny users="*"/>
        <allow roles="Sentry Admin"/>
      </authorization>
    </system.web>
  </location>

  <!-- NOTE(review): same missing DOMAIN\ prefix as TrainingSec. -->
  <location path="\Admin">
    <system.web>
      <authorization>
        <allow roles="STP Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>    
  </location>

  <!-- Outgoing mail: unauthenticated SMTP to a fixed host on port 25
       (defaultCredentials="false" and no credentials configured). -->
  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="STP@Company.com">
        <network defaultCredentials="false" host="11.111.11.11" port="25"/>
      </smtp>
    </mailSettings>
  </system.net>

  <!-- runAllManagedModulesForAllRequests="true" sends every request through the managed
       pipeline, presumably so the URL authorization rules above also cover static files
       under the protected folders. The default document is Dashboard.aspx. -->
  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
    <defaultDocument>
      <files>
        <clear />
        <add value="Dashboard.aspx"/>
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>

You seem to have forgotten the domain part:

  <!-- WindowsTokenRoleProvider matches Windows group names, so the roles need the same
       DOMAIN\ prefix that the site-wide authorization rules and the working
       User.IsInRole(@"DOMAINNAME\STP Admin") check already use. The \Manage and \Admin
       locations in the question need the same change. -->
  <location path="\TrainingSec">
    <system.web>
      <authorization>
        <allow roles="DOMAIN\STP Training"/>
        <allow roles="DOMAIN\STP Admin"/>
        <!-- Anyone not matched above is refused. -->
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
