Active Directory的成员资格提供程序 - 如何扩大呢？ [英] Active Directory Membership Provider - how to expand on this?

问题描述

我工作的得到一个MVC应用程序并通过AD成员资格提供程序运行，我有一些问题搞清楚了这一点。我有一个基本的配置设置和工作，当我登录为foo@my.domain.com +密码。

I'm working on getting an MVC app up and running via AD Membership Provider and I'm having some issues figuring this out. I have a base configuration setup and working when I login as foo@my.domain.com + password.

   <connectionStrings>
      <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
   </connectionStrings>

  <membership defaultProvider="MyProvider">
     <providers>
        <clear />
        <add name="MyProvider" connectionStringName="MyConnString"
             connectionUsername="my.domain.com\service_account"
             connectionPassword="biguglypassword"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
     </providers>
  </membership>

不过，我想要做一些其他的事情，我不知道如何去了解他们。

However, I'd LIKE to do some other things and I'm not sure how to go about them.

1. 在登录时未键入域名（即@ my.domain.com）。我意识到，如果我限制自己只是一个域，这可能只是工作 - 这很好
。
2. 在一个OU内组织用户在多达N个不同的OU。正如你可以从我目前的连接字符串，我验证用户在我的产品用户 OU。我想创建OU此OU内的各个公司，并把用户分为这些OU。我怎样才能在所有这些不同的OU？
的验证
3. 在我试图找出如何与配置文件和角色提供在Active Directory成员资格提供联系。是那些有AD版本也还是我坚持了SQL，本土，或者找到的东西别人有codeD吗？

1. Login without typing the domain (i.e. the "@my.domain.com"). I realize that this could only work if I limit myself to just one domain - that's fine.
2. Organize users in up to N different OUs within a single OU. As you can tell from my current connection string, I'm authenticating users in my Product Users OU. I would LIKE to create OUs for various companies within this OU and put the users into those OUs. How can I authenticate across all of these different OUs?
3. I'm trying to figure out how the Active Directory Membership Provider ties in with the Profile and Role providers. Are there AD versions of those too or am I stuck with SQL, home-grown, or finding something somebody else has coded up?

非常感谢!!

推荐答案

在回应3点：

我回答这个类似的问题而回：<一href="http://stackoverflow.com/questions/756299/how-can-i-implement-a-role-hierarchy-in-an-asp-net-mvc-app-using-activedirectorym/758469#758469">"How我可以在一个asp.net MVC应用程序使用activedirectorymembershipprovider实现角色的层次结构。

I answered a similar question about this a while back: "How can i implement a role-hierarchy in an asp.net mvc app using activedirectorymembershipprovider".

还有就是 WindowsTokenRoleProvider 应为您提供从AD的用户角色的细节 - 这是一个只读的提供程序，并且只提供了用于的isUserInRole 和 GetRolesForUser ，但可能足以满足您的需求。

There is the WindowsTokenRoleProvider that should provide you with details of the Users roles from AD - it's a read-only provider, and only provides methods for IsUserInRole and GetRolesForUser, but may be sufficient for your needs.

这篇关于Active Directory的成员资格提供程序 - 如何扩大呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！