Active Directory的成员资格提供程序 - 如何扩大呢? [英] Active Directory Membership Provider - how to expand on this?
问题描述
我工作的得到一个MVC应用程序并通过AD成员资格提供程序运行,我有一些问题搞清楚了这一点。我有一个基本的配置设置和工作,当我登录为foo@my.domain.com +密码。
I'm working on getting an MVC app up and running via AD Membership Provider and I'm having some issues figuring this out. I have a base configuration setup and working when I login as foo@my.domain.com + password.
<connectionStrings>
<add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
</connectionStrings>
<membership defaultProvider="MyProvider">
<providers>
<clear />
<add name="MyProvider" connectionStringName="MyConnString"
connectionUsername="my.domain.com\service_account"
connectionPassword="biguglypassword"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
不过,我想要做一些其他的事情,我不知道如何去了解他们。
However, I'd LIKE to do some other things and I'm not sure how to go about them.
- 在登录时未键入域名(即@ my.domain.com)。我意识到,如果我限制自己只是一个域,这可能只是工作 - 这很好 。
- 在一个OU内组织用户在多达N个不同的OU。正如你可以从我目前的连接字符串,我验证用户在我的
产品用户
OU。我想创建OU此OU内的各个公司,并把用户分为这些OU。我怎样才能在所有这些不同的OU? 的验证
- 在我试图找出如何与配置文件和角色提供在Active Directory成员资格提供联系。是那些有AD版本也还是我坚持了SQL,本土,或者找到的东西别人有codeD吗?
- Login without typing the domain (i.e. the "@my.domain.com"). I realize that this could only work if I limit myself to just one domain - that's fine.
- Organize users in up to N different OUs within a single OU. As you can tell from my current connection string, I'm authenticating users in my
Product Users
OU. I would LIKE to create OUs for various companies within this OU and put the users into those OUs. How can I authenticate across all of these different OUs? - I'm trying to figure out how the Active Directory Membership Provider ties in with the Profile and Role providers. Are there AD versions of those too or am I stuck with SQL, home-grown, or finding something somebody else has coded up?
非常感谢!!
推荐答案
在回应3点:
我回答这个类似的问题而回:<一href="http://stackoverflow.com/questions/756299/how-can-i-implement-a-role-hierarchy-in-an-asp-net-mvc-app-using-activedirectorym/758469#758469">"How我可以在一个asp.net MVC应用程序使用activedirectorymembershipprovider实现角色的层次结构。
I answered a similar question about this a while back: "How can i implement a role-hierarchy in an asp.net mvc app using activedirectorymembershipprovider".
还有就是 WindowsTokenRoleProvider 应为您提供从AD的用户角色的细节 - 这是一个只读的提供程序,并且只提供了用于的isUserInRole
和 GetRolesForUser
,但可能足以满足您的需求。
There is the WindowsTokenRoleProvider that should provide you with details of the Users roles from AD - it's a read-only provider, and only provides methods for IsUserInRole
and GetRolesForUser
, but may be sufficient for your needs.
这篇关于Active Directory的成员资格提供程序 - 如何扩大呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!