如何使用Active Directory实现ASP.NET身份验证和授权 [英] How to use active directory to implement ASP.NET authentication and authorization

问题描述

如何使用Active Directory实现ASP.NET身份验证和授权。我可以使用我的域帐户登录，但我无法打开要求用户成为管理员帐户的页面。

我认为问题出在我的web.config上。

How to use active directory to implement ASP.NET authentication and authorization. I'm able to log in with my domain account but I can't open pages that require users to be Admin Accounts.
I think the issue is with my web.config.

<configuration>
  <configsections>
    &lt;!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 --&gt;
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirepermission="false" />
  </configsections>
  <connectionstrings>
    <add name="ADServices" connectionstring="LDAP://Domain Name" />
    <add name="ContactsConnectionString" connectionstring="Data Source=L-DXJ2GV1;Initial Catalog=Contacts;User ID=xxxxx;Password=xxxxxx" providername="System.Data.SqlClient" />
  </connectionstrings>
  <system.web>
    <compilation debug="true" targetframework="4.5" />
    <httpruntime targetframework="4.5" />
    <pages>
      <namespaces>
        <add namespace="System.Web.Optimization" />
      </namespaces>

<add namespace="System.Web.Optimization" />
  </namespaces>
<controls>
  <add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagprefix="webopt" />
</controls>
</pages>
<authentication mode="Windows" />
<authorization>
  <allow roles="Domain\Administrators" />
  <deny users="?" />
</authorization

>

>

<membership defaultprovider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,              &lt;br mode=" hold=" /&gt;         System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionstringname="ADServices">
        connectionUsername="Domain\XXXXXX" connectionPassword="XXXXXX" attributeMapUsername="sAMAccountName" applicationName="/" /&gt;

      </add></providers>
    </membership>
    <rolemanager defaultprovider="WindowsProvider" enabled="true" cacherolesincookie="false">
      <providers>
        <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </rolemanager>
    <sessionstate mode="InProc" customprovider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral,         PublicKeyToken=31bf3856ad364e35" connectionstringname="ContactsConnectionString" />
      </providers>
    </sessionstate>
  </system.web>
  <runtime>
    <assemblybinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentassembly>
        <assemblyidentity name="DotNetOpenAuth.Core" publickeytoken="2780ccd10d57b246" />
        <bindingredirect oldversion="1.0.0.0-4.0.0.0" newversion="4.1.0.0" />
      </dependentassembly>
      <dependentassembly>
        <assemblyidentity name="DotNetOpenAuth.AspNet" publickeytoken="2780ccd10d57b246" />
        <bindingredirect oldversion="1.0.0.0-4.0.0.0" newversion="4.1.0.0" />
      </dependentassembly>
    </assemblybinding>
  </runtime>
  <entityframework>
    <defaultconnectionfactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultconnectionfactory>
  </entityframework>
  <location path="Administration">
    <system.web>
      <authorization>
        <allow roles="Domain\Admin Accounts" />
        <deny users="*" />
      </authorization>
      <identity impersonate="true" />
    </system.web>
  </location>
  <system.webserver>
    <validation validateintegratedmodeconfiguration="false" />
  </system.webserver>
</configuration

>











以下是我尝试在管理文件夹中打开网页时的错误消息：



服务器错误在'/'应用程序。



API由于错误而失败''



描述：未处理的异常在执行当前Web请求期间发生。请查看堆栈跟踪以获取有关错误及其源自代码的位置的更多信息。



异常详细信息：System.Configuration.Provider.ProviderException：API由于错误而失败''



源错误：



在执行当前Web请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪来识别有关异常的起源和位置的信息。



堆栈跟踪：





[ProviderException：由于错误导致API失败'']
System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser（String username）+2248217

System.Web.Security.RolePrincipal.IsInRole（String role）+9461104

System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole（StringCollection role，IPrincipal principal）+98

System.Web.Configuration.AuthorizationRule.IsUserAllowed（IPrincipal user，String verb）+167

System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed（IPrincipal user，String verb）+190

System.Web.Security.UrlAuthorizationModule.OnEnter（Object source，EventArgs eventArgs）+9710369

System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute（）+136

System.Web.HttpApplication.ExecuteStep（IExecutionStep step，Boolean& completedSynchronously）+69

>





Below is the error message when I tried to open webpages in the Administration folder:

Server Error in '/' Application.

API failed due to error ''

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Configuration.Provider.ProviderException: API failed due to error ''

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[ProviderException: API failed due to error '']
System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username) +2248217
System.Web.Security.RolePrincipal.IsInRole(String role) +9461104
System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +98
System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +167
System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +190
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +9710369
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

推荐答案

这篇关于如何使用Active Directory实现ASP.NET身份验证和授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！