Mixed mode authentication against AD and fallback to the database if it fails with Membership providers


Problem description

My user will use form authentication against Active Directory or database. There's no Windows Integrated Authentication there!!

What I want is when the user submits the authentication form, it will try to validate the user against Active Directory and if it fails, try with the database.

How can I do that? What I had in mind was to build a custom membership provider that will encapsulate the logic but I'm not sure how to start.

Any better ideas?

Recommended answer

The only way you are going to be able to implement this is by creating a custom provider.

In a perfect world, you could simply create a facade provider and then leverage the appropriate provider, SQL or AD, as necessary, to authenticate and return MembershipUser to whatever degree of completeness you find necessary.

In the real world, this is still possible but you will need to jump through a few hoops:

  • create your facade provider and place it first in the providers child element of the membership element AND set it as defaultProvider in the membership element
  • properly configure a SqlMembershipProvider and an ActiveDirectoryMembershipProvider and place them after your facade.
  • from your facade, access the configured providers from the static Membership.Providers collection to perform the functions as needed.

You may find that you need to repeat this pattern if you need to use roles and while it is applicable, the implementation will be a bit more complex and beyond the scope of this post.

Alternately, full source code for the SQL providers can be found here and is a great starting point and guidance for implementing an industrial grade custom provider.

I would suggest first exploring the path of least resistance (and least labor and headache) and spike a facade before attempting to implement a custom security feature from scratch.

Good luck.
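
The fallback described in the answer, as an added example that is not part of the original answer. Instead of a pure facade, which would have to override every abstract member of MembershipProvider, it derives from SqlMembershipProvider and looks the AD provider up in Membership.Providers under the assumed name "AdProvider". Falling back to the database only when the directory does not know the user is a design choice of this example, not something the answer specifies.

```csharp
using System.Configuration.Provider;
using System.Web.Security;

// Added example. The class name and "AdProvider" are assumptions: register this
// type as defaultProvider with the usual SqlMembershipProvider attributes, and add
// an ActiveDirectoryMembershipProvider named "AdProvider" to the same <providers>.
public class AdThenSqlMembershipProvider : SqlMembershipProvider
{
    private const string AdProviderName = "AdProvider"; // assumed config name

    // Looked up per call: the collection is only fully populated once every
    // configured provider has finished initializing.
    private static MembershipProvider Ad
    {
        get
        {
            MembershipProvider ad = Membership.Providers[AdProviderName];
            if (ad == null)
                throw new ProviderException(
                    "Membership provider '" + AdProviderName + "' is not configured.");
            return ad;
        }
    }

    public override bool ValidateUser(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        MembershipProvider ad = Ad;
        if (ad.ValidateUser(username, password))
            return true;

        // The directory owns this account: a wrong password, lockout or disabled
        // state must not be bypassed by a same-named row in the database.
        if (ad.GetUser(username, false) != null)
            return false;

        // Unknown to AD: this is a database-only account.
        return base.ValidateUser(username, password);
    }

    // Exceptions from the AD provider are not caught here, so a directory
    // outage fails closed instead of silently switching stores.
    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        return Ad.GetUser(username, userIsOnline) ?? base.GetUser(username, userIsOnline);
    }
}
```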
