在ASP.Net MVC的LDAP认证 [英] LDAP Authentication in ASP.Net MVC

问题描述

我希望能够使用他们的域用户名和密码验证用户身份，但是默认的ASP.Net MVC应用程序允许用户注册一个用户名和密码，然后登录。我怎样才能做到这一点？

I want to be able to authenticate a user by using their domain UserId and Password, but the default ASP.Net MVC application allows the user to register a userId and password and then log in. How can I do this?

我不希望用户能够注册;但是，他应该能够进入他的Windows域用户名和密码，并通过域服务器进行身份验证。

I don't want the user to be able to register; however, he should be able to enter his windows domain userId and password and be authenticated by the domain server.

这是迈克的博客中，我所看到的解决方案（在这里例如 ）不需要用户输入他/她的用户ID或密码。

The solutions I have seen (for example here on Mike's Blog) do not require the user to enter his/her UserId or password.

我怎样才能让我的ASP.Net MVC应用程序显示在表格日志和验证针对Windows域用户？

How can I get my ASP.Net MVC application to show a log on form and authenticate the user against the windows domain?

请与样品如果可能的话解释

Please explain with a sample if possible

推荐答案

这是如何在Web应用程序的窗体身份验证，因此它可能需要一些适配为MVC做到这一点。使用asp.net成员资格和角色引擎。安装程序提供商使用Active Directory成员资格提供程序，也可以使用的形式进行验证。

This is how to do it in web Apps forms authentication so it may need some adapting for MVC. Use the asp.net membership and roles engine. Setup the provider to use the Active Directory Membership provider AND ALSO use forms for authentication.

<authentication mode="Forms">
  <forms name=".ADAuthCookie" 
         timeout="10"                     
         loginUrl="Login.aspx" 
         defaultUrl="Default.aspx">            
  </forms>

或类似的东西....

or something like it....

提供者设置将是这个样子：

The provider setup will look something like this:

<membership defaultProvider="DomainLoginMembershipProvider">
  <providers>
    <add name="DomainLoginMembershipProvider"           
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"           
         connectionStringName="ADConnectionString"
         connectionProtection="Secure"
         connectionUsername="domainuser"
         connectionPassword="pwd"
         attributeMapUsername="sAMAccountName" 
         enableSearchMethods="false"/>
  </providers>
</membership>

的连接保护，用户名和pwd是有权访问查询代表系统的AD中的帐户。根据您的网络的安全性，这可能必须安装，否则您将无法查询AD用户进行身份验证。

The connection protection, user name and pwd are for the account that has access to query AD on behalf of the system. Depending on the security of your network this may have to be setup or you won't be able to query AD to authenticate the user.

您的连接字符串将类似于：

Your connection string will look something like:

<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://servername:port#/DC=domainname"/>
</connectionStrings>

连接字符串可以有多种形式，所以你可能要研究它为您的环境。

The connection string can take many forms so you may have to research it for your environment.

有关登录页面，您可能需要执行身份验证方法和测试...

For the login page you might have to execute the authentication method and test...

    e.Authenticated = Membership.ValidateUser(username, password);
    if (e.Authenticated == false)...

斯蒂芬Shackow的书专业ASP.Net 2.0安全，成员身份和角色管理有上使用AD会员（第12章），一个良好的覆盖。这不是在MVC中的上下文，但配置和设置将是相同的。

Stephen Shackow's book "Professional ASP.Net 2.0 Security, Membership, and Role Management" has a good coverage on using AD Membership (Chapter 12). It's not in the context of MVC but the configuration and setup would be the same.

这篇关于在ASP.Net MVC的LDAP认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！