Active Directory membership provider and user data

Time: 2023-02-01 02:57:39

If I'm using Active Directory as a user store, how do I relate information in my database to a particular user? Should I insert them into the database after authenticating them (which seems redundant to me), or is using the AD membership provider only for authentication and I should be using the SQL membership provider?

1 solution

#1


3  

Membership providers are only concerned with authentication. Authorization (which is not the same thing as authentication) is performed by your logic, optionally with a Roles provider.

You can use Active Directory for roles, but you'll need to use an external implementation as ASP.NET does not include one out-of-the-box (e.g. http://www.codeproject.com/Articles/28546/Active-Directory-Roles-Provider ).

If you're using AD for membership but want to track users in your database then you'll want to use an AD user's objectGUID attribute because it's both unique and immutable; other properties like cn and objectSid are unique but are not immutable.

Personally I do not use the Membership/Roles/Profiles features in any ASP.NET project I work on because they require special handling which creates a logically-separate concern in your application that doesn't always mesh with everything else in your application, especially if you're using an ORM for your entities. Even if you implement your own providers to avoid complications with your application's internal entity model you will still run into problems because the Membership object exposes a new interface to your model which you still need to implement on top of any existing system for user management you have. Consequently I only recommend using Membership/Roles/Profiles for ultra-basic websites.
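
A sketch of the objectGUID approach from the answer above, added here as an example and not part of the original post: after the membership provider has authenticated the user, resolve the login name to its objectGUID and use that as the key of the local user row. The class `AdUserLink`, the table `dbo.AppUser` and its columns are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.DirectoryServices.AccountManagement;

public static class AdUserLink
{
    // Resolve an already-authenticated login name to the AD user's objectGUID.
    public static Guid GetObjectGuid(string loginName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, loginName))
        {
            if (user == null || !user.Guid.HasValue)
                throw new InvalidOperationException("No AD user found for " + loginName);
            return user.Guid.Value; // Principal.Guid exposes objectGUID
        }
    }

    // Create the local row on first sign-in; afterwards only refresh the
    // mutable fields. Application data references AdObjectGuid, never the name.
    // Hypothetical schema: dbo.AppUser(AdObjectGuid uniqueidentifier PRIMARY KEY,
    //                                  LoginName nvarchar(256), LastSeenUtc datetime2)
    public static void EnsureLocalUser(string connectionString, Guid objectGuid, string loginName)
    {
        const string sql = @"
UPDATE dbo.AppUser
   SET LoginName = @login, LastSeenUtc = SYSUTCDATETIME()
 WHERE AdObjectGuid = @guid;
IF @@ROWCOUNT = 0
    INSERT INTO dbo.AppUser (AdObjectGuid, LoginName, LastSeenUtc)
    VALUES (@guid, @login, SYSUTCDATETIME());";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Parameterised values: the login name is never concatenated into SQL.
            cmd.Parameters.Add("@guid", SqlDbType.UniqueIdentifier).Value = objectGuid;
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 256).Value = loginName;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Because the row is keyed on the GUID, a renamed account updates `LoginName` in place and keeps its existing application data; two simultaneous first sign-ins for the same user can still race on the insert, so the caller should treat a primary-key violation as "row already exists".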