使用Active Directory/LDAP进行表单身份验证 [英] Forms Authentication Using Active Directory / LDAP
问题描述
首先-感谢您的光临.
我的问题
在.NET Web应用程序中,将Windows身份验证用于由各种用户,公司,用户代理等组成的WAN上的Extra-net是一个坏主意吗?
In a .NET web app, is using Windows Authentication for a extra-net on a WAN consisting of various users, companies, user-agents, etc a bad idea?
背景
我是快速(超快)网络应用程序的首席开发人员,用于外部网络,该网络将允许客户的供应商,供应商,合作伙伴等登录并推送和拉取某些资产,例如图像文件,视频, Flash文件等.
I am lead dev on a fast track (very fast) web application for an extra-net that will allow the client's vendors, suppliers, partners, etc to log on and push and pull certain assets such as image files, videos, flash files, etc.
平台/技术
Asp.Net 4.0,C#,MVC3
Asp.Net 4.0, C#, MVC3
问题(也许)
客户的IT部门已要求该应用使用Windows身份验证来对用户进行身份验证. (他们说)这样做的原因之一是,用户将要推/拉的资产位于第三方服务器(Signiant)上,该服务器已经使用其活动目录中的凭据来对用户进行身份验证.
The client's IT department has requested that the app use Windows Authentication to authenticate users. One of the reasons for this (they say) is that the assets that will be pushed/pulled by users reside on a third-party server (Signiant) which already uses credentials form their active directory to authenticate users.
我的观看
Windows身份验证将引起很多麻烦.以堆栈形式查看,该应用程序将位于第三方服务器的顶部.因此,如果我们使用Forms身份验证,则可以为每个用户使用Windows凭据填充数据表,并将这些凭据随我们的请求传递给Signiant的服务器(无论如何,您都必须这样做).如果可能的话,我们甚至可以即时对LDAP进行凭据调用,然后将其传递给Signiant的服务器.
Windows Authentication is going to cause a bunch of headaches. Viewed as a stack, this app will sit on top of the third-party server. So if we use Forms authentication, we can just populate a data table with windows credentials for each user and pass those to Signiant's servers with our requests (you have to do this anyway). If possible, we can even make an LDAP call for the creds on the fly and then pass those to Signiant's servers.
在我看来,如果我们正在执行Windows Auth,那么简单的功能(例如丢失的密码")将变得非常困难.但是,经过全面披露,我从未使用Windows身份验证构建过Asp.Net应用程序,所以我知道什么??
It just seems to me that simple functionality such as "lost password" would be come extremely difficult if we are doing the Windows Auth thing. But, full disclosure, I have never built an Asp.Net app using Windows Authentication so what do I know??
谢谢!
马特
更新11年8月12日
对于您是否应该执行此操作,我仍然没有任何答案,但是客户坚信必须采用这种方式.该应用程序预计将在一个月内交付,因此我会回来,并让该主题的所有关注者知道我的发现.
I still don't have an answer as to whether you should do this, but the client is adamant that it must be this way. The app is supposed to be turned over in a month so I will come back and let any followers of this topic know my findings.
推荐答案
ASP.NET内置了对使用Forms Authentication进行AD身份验证的支持,包括密码恢复.
ASP.NET has built in support for doing AD Authentication using Forms Authentication, including password recovery.
请参阅: http://msdn.microsoft.com/en-us/library/ff650308.aspx
这篇关于使用Active Directory/LDAP进行表单身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
