ASP.NET MVC:如何为 LDAP 身份验证设置 web.config? [英] ASP.NET MVC: How to setup web.config for LDAP authentication?

问题描述

我有一个使用这些参数的 LDAP 服务器:

I have a working LDAP Server with these parameters:

OU=users,OU=mydomain,O=this domain
LDAP://myhost:389 

我成功使用通用 ldap 客户端访问，例如 Jarek Gawor 的 ldap 浏览器/客户端，具有以下设置:

I successfully access with a generic ldap client, like the good Jarek Gawor's ldap browser/client with following settings:

OU=users,OU=mydomain,O=this domain
User info (append base DN):
uid=myid
password=mypwd

我尝试使用 ASP.NET 进行相同的操作，但总是收到错误用户名或密码错误".你能帮我用上面的参数设置web.config吗?我做了很多尝试，比如更改连接用户名、删除域名、设置 uid=myid 等...

I tried to to the same with ASP.NET, getting always the error "wrong username or password". May you help me to setup web.config with above parameters, please? I did many tries, like changing connectionUsername, removing domainname, putting uid=myid, etc...

web.config

<configuration>
  <connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://myhost:389"/>
  ....

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         connectionProtection="None"
         connectionUsername="MYDOMAINmyid"
         connectionPassword="mypwd"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="True" />
  </providers>
</membership>
......

提前致谢

推荐答案

我成功地使用了以下 web.config 设置.

I succeeded in getting it work with the following web.config setup.

有两个问题/错误:

1st)我没有指定容器，所以我按照@Kevin的提示:

1st) I did not specify the container, so I followed @Kevin's hints:

<configuration>
  <connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://myhost:389/O=this domain,CN=Users,DC=mydomain,DC=com"/>
  ....

我认为这与 CN 相关，而 O 可以在这里省略，但我认为这不是很重要...

I think that was relevant the CN, while O could be omitted here, but I do not think this is very important...

2nd)我将 DN 基础和用户名(以 uid= 形式)放在 connectionUsername 参数中:

2nd) I put the DN base and username (in the form uid=) together inside connectionUsername parameter:

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
<add name="DefaultMembershipProvider"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="ADConnectionString"
     connectionProtection="None"
     connectionUsername="uid=myid, O=this domain"
     connectionPassword="mypwd"
     attributeMapUsername="sAMAccountName"
     enableSearchMethods="True" />

请注意，在我的情况下，我需要输入 uid=myid.我不知道这是否是一个通用的解决方案；可能和我公司的ADAS配置有关，我不知道.我希望这可以帮助你们中的一些人......如果你觉得这个解决方案有用，请投票，谢谢.

Please note, in my case I needed to put uid=myid. I do not know if this could be a general solution; perhaps it is related to ADAS configuration of my company, I do not know. I hope this can help some of you...please vote up if you find this solution useful, thx.

@Kevin:非常感谢.你帮了大忙！

@Kevin: Thank you very much. You have been very helpful!

这篇关于ASP.NET MVC:如何为 LDAP 身份验证设置 web.config?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！