如何使用Windows和窗体身份验证与单个自定义角色提供 [英] How to use both windows and forms auth with a single custom role provider
问题描述
我有一个自定义角色提供程序,建立在一个角色的实体和多对多的关系称为RoleUser,我的窗体身份验证的用户实体和角色之间。我想这个角色提供商切换到使用Windows身份验证,以及现在。我回小猪形式的用户,并在我的用户实体创建AD用户的阴影,似乎方便。
I have a custom role provider, built on a Role entity, and a many to many relationship called RoleUser, between my forms auth User entities and the Roles. I would like to switch this roles provider into using Windows auth as well now. It seems convenient for me piggy back of the forms Users, and create 'shadows' of AD users in my Users entities.
这是可行的,或皱眉,以及是否有任何好论文等对这种设置的?
Is this feasible or frowned upon, and are there any good papers etc. on this kind of setup?
我使用EF code首先对SQL 2005,而我不是使用自定义成员资格提供程序,因为我的用户控制器和存储库处理所有我需要相当精细;只是一个角色提供。
I'm using EF Code First against SQL 2005, and am not using a custom membership provider, as my User controller and repository handle all I need quite fine; just a role provider.
推荐答案
请注意,我们有5个类型的身份验证:
Notice that we have 5 types of authentication:
1 <一个href=\"http://weblogs.asp.net/jgalloway/archive/2012/04/18/asp-net-mvc-authentication-global-authentication-and-allow-anonymous.aspx\"相对=nofollow>匿名身份验证
2 - Asp.net假冒
4-表单验证HTTP 302登录/重定向
4- Forms Authentication HTTP 302 Login/Redirect
5的Windows身份验证HTTP 401挑战
5- Windows Authentication HTTP 401 Challenge
MVC哲学的认证是指这个事实,MVC不使用 ViewState的验证users.It不使用基于服务器的视图状态或形式。这使得MVC框架非常适合谁想要在应用程序的行为完全控制开发人员。
The Philosophy of MVC authentication refers to this fact that, MVC doesn't use ViewState to authenticate users.It does not use view state or server-based forms. This makes the MVC framework ideal for developers who want full control over the behavior of an application.
据MVC标准,Windows身份验证适用于Intranet应用程序,和窗体身份验证的互联网应用,因为安全问题等等等等。
According to MVC standards, windows authentication is suitable for intranet applications, and forms authentication for internet application, because of security issues and so more.
这不是通常使用两个窗口和窗体身份验证一起。但是你可以使用它们的混合动力这样的 $ C $文章的CProject 。除非你想通过你的编程做这样窗体身份验证,并在后台存储Windows帐户信息的行为,以存储DB或等。只有确保有身份验证类型之间没有挑战。
It's not common to use both windows and forms authentication together. But you can use hybrid of them like this codeproject article. Unless you want to do an action like forms authentication and at the backend store windows account information via your programmability to store to DB or etc. Only make sure there is no challenge among types of authentications.
还有一个重要的事情,那就是身份验证和授权之间diffrences,你可以在web.config中配置他们像波纹管:
There is another important thing, that is diffrences between Authentication and Authorization that you can config them at web.config like bellow:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
或
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
这 MSDN文章可能也有帮助。
这篇关于如何使用Windows和窗体身份验证与单个自定义角色提供的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
