配置ASP.NET MVC反对AD认证 [英] Configure ASP.NET MVC for authentication against AD
问题描述
什么是高级步骤来验证对Active Directory?
ASP.NET MVC应用程序的用户我presume是这样的:
- 修改web.config中使用Windows身份验证
- 配置web.config中使用ActiveDirectoryMembershipProvider
- 配置为使用自定义RoleProvider看起来在公元web.config中
请问上面看起来合理,如果是的话,你在哪里我把有效用户检测逻辑?
在我的情况下,有效的用户是一个人在一个特定的AD域。
表单验证
您可以使用正常的窗体身份验证到用户针对Active Directory进行身份验证,对于你只需要你的AD连接字符串:
<的ConnectionStrings>
<添加名称=ADConn的connectionString =LDAP:// YourConnection/>
< /的ConnectionStrings>
和添加成员资格提供程序使用此连接:
<会员defaultProvider =ADMembership>
<供应商>
<添加名称=ADMembership
TYPE =System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web程序,
版本= 2.0.0.0,
文化=中立,
PublicToken = b03f5f7f11d50a3a
的connectionStringName =ADConn
connectionUsername =域/用户
connectionPassword =PWD/>
< /供应商>
< /会员>
您需要使用用户名@域以成功验证用户。
下面是一些让你开始的
- <一个href="http://helios.ca/2009/05/04/aspnet-mvc-forms-authentication-with-active-directory/">http://helios.ca/2009/05/04/aspnet-mvc-forms-authentication-with-active-directory/
Windows身份验证
如果您启动新的项目,你可以随时 Intranet应用从模板中选择,所有的照顾你。
如果你想要做手工,你需要改变:
- 启用Windows身份验证
- 禁用匿名身份验证
有关在IIS7 / 8和IISEx preSS做这方面的详细信息:
IIS 7和IIS 8
- 打开IIS管理器,然后导航至您的网站。
- 在功能视图中,双击身份验证。
在身份验证页中,选择Windows身份验证。如果Windows 验证是不是一种选择,你需要确保Windows身份验证 安装在服务器上。
要在Windows上启用Windows身份验证: )在控制面板中打开程序和功能。 B):选择Windows功能打开或关闭。 C)导航到Internet信息服务>万维网服务>安全 并确保Windows身份验证节点已选中。
要启用Windows服务器上的Windows身份验证: )在服务器管理器,选择Web服务器(IIS),然后单击添加角色服务 B)导航到Web服务器>安全 并确保Windows身份验证节点已选中。
在操作窗格中,单击启用使用Windows身份验证。
- 在验证页面,选择匿名身份验证。
- 在操作窗格中,单击禁用禁用匿名身份验证。
IIS防爆preSS
- 右键单击在Visual Studio中的项目,并选择使用IIS防爆preSS。
- 单击在解决方案资源管理器中的项目,选择项目。
- 如果属性面板没有打开,打开它(F4)。
- 在您的项目属性面板: a)设置匿名身份验证改为已禁用。 b)将Windows身份验证为已启用。
在你的的web.config 有一些像
&LT;的System.Web&GT;
&LT;身份验证模式=窗口/&GT;
&LT;授权&GT;
&LT;拒绝用户=? /&GT;
&LT; /授权&GT;
&LT; /system.web>
这就是它!
现在,当你想要的用户身份,只需拨打
@ User.Identity.Name
和这将显示您的域\用户名像我:
下面是一些让你开始的
- <一个href="http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs">http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs
What are the high level steps to authenticate users of an ASP.NET MVC application against Active Directory?
I presume something like:
- Modify web.config to use Windows authentication
- Configure web.config to use the ActiveDirectoryMembershipProvider
- Configure the web.config to use a custom RoleProvider that looks in AD
Does the above look sensible, and if so, where do I put the valid user detection logic?
In my case a valid user is someone on a specific AD domain.
Forms Authentication
You can use the normal forms authentication to authenticate a user against an Active Directory, for that you just need you AD connection string:
<connectionStrings>
<add name="ADConn" connectionString="LDAP://YourConnection" />
</connectionStrings>
and add the Membership Provider to use this connection:
<membership defaultProvider="ADMembership">
<providers>
<add name="ADMembership"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web,
Version=2.0.0.0,
Culture=neutral,
PublicToken=b03f5f7f11d50a3a"
connectionStringName="ADConn"
connectionUsername="domain/user"
connectionPassword="pwd" />
</providers>
</membership>
you will need to use username@domain to successfully authenticate the user.
Here is something to get you start
Windows Authentication
If you start your project new, you can always select Intranet application from the template and all is taken care for you
If you want to do it manually, you need to change:
- Enable Windows Authentication
- Disable Anonymous authentication
for detailed info on doing this on IIS7/8 and IISExpress:
IIS 7 & IIS 8
- Open IIS Manager and navigate to your website.
- In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure Windows authentication is installed on the server.
To enable Windows authentication on Windows: a) In Control Panel open "Programs and Features". b) Select "Turn Windows features on or off". c) Navigate to Internet Information Services > World Wide Web Services > Security and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server: a) In Server Manager, select Web Server (IIS) and click Add Role Services b) Navigate to Web Server > Security and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
- On the Authentication page, select Anonymous authentication.
- In the Actions pane, click Disable to disable anonymous authentication.
IIS Express
- Right click on the project in Visual Studio and select Use IIS Express.
- Click on your project in the Solution Explorer to select the project.
- If the Properties pane is not open, open it (F4).
- In the Properties pane for your project: a) Set "Anonymous Authentication" to "Disabled". b) Set "Windows Authentication" to "Enabled".
In your web.config have something like
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
and that's it!
Now, when you want the user identity, just call
@User.Identity.Name
and this will show you the Domain\Username like for me :
Here is something to get you start
这篇关于配置ASP.NET MVC反对AD认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
