是否有可能限制在ASPNET应用到特定域的窗口身份验证的用户？ [英] Is it possible to restrict windows authenticated users in an ASPNet app to specific domains?

问题描述

我在拉动传统的ASP应用到MVC2的过程。我将部署到企业内部网，并已要求启用Windows身份验证的支持。我将部署到网络中有一些AD域和我只需要一个特别集成。是否有可能使用Windows身份验证，只允许特定域范围内的认证？

I'm in the process of pulling a classic ASP app into Mvc2. I'll be deploying to an intranet and have been asked to enable support for Windows Authentication. The network I'll be deploying to has a few AD Domains and I'll only need to integrate with one in particular. Is it possible to use Windows Authentication and only allow authentication within a particular domain?

本着同样的精神，这并不是什么稀罕事用户在多个域的帐户（帐户名称本身通常是不同的） - 在事件中有一个不支持域用户登录我想踢他们一个登录表单。这可能简单地使用Windows验证还是我最好寻找替代？

Along those same lines, it's not uncommon for a user to have an account in multiple domains (the account names themselves are typically different) - in the event a user logs in with an "unsupported" domain I'd like to kick them to a login form. Is this possible simply using Windows Auth or am I better off looking for an alternative?

推荐答案

专业提示：

不管你做什么不实现通过IIS Windows身份验证。有一个窗体身份验证页中你的MVC应用程序，但使用LDAP身份验证提供者。这样就避免了浏览器之间如何实现Windows身份验证的差异（仅行之有效的在IE和这不是一个很大的原因）。

Whatever you do don't implement Windows Authentication via IIS. Have a Forms Authentication page in your MVC app but use the LDAP authentication provider. This way you avoid the differences between how browsers implement Windows Authentication (only works well in IE and that's not a great reason).

这篇关于是否有可能限制在ASPNET应用到特定域的窗口身份验证的用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！