ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory groups?

Time: 2023-01-26 02:59:52

Very simple question actually:

I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.

I currently have this in my Web.Config:

UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")

However, I'd still like to know if the <membership> entry is needed at all.

What should I change? (and is the <membership> entry needed at all?)

<authentication mode="Windows">
  <forms
    name=".ADAuthCookie"
    timeout="10" />
</authentication>

<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear />
    <add
      name="ADMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      connectionUsername="XXX\specialAdUser"
      connectionPassword="xx" />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="WindowsProvider">
  <providers>
    <clear />
    <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>

5 solutions

#1


4  

If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.

In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.

So no, you don't need the provider configuration at all.

#2


1  

The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best (only?) fit with Forms authentication.

#3


1  

BlogEngine.NET has an Active Directory role provider.

#4


0  

Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)

#5


0  

Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).

There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?

Marc
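
The trimmed-down configuration that answers #1 and #4 describe, shown here as an added example that is not part of the original thread: Windows authentication plus the WindowsTokenRoleProvider, with no <membership> section and therefore no service-account credentials stored in Web.config. The group name DOMAIN\AppAdmins is a placeholder assumed for illustration.

```xml
<configuration>
  <system.web>
    <!-- IIS side: anonymous access disabled, Windows authentication enabled.
         The <forms> child from the question is dropped; it only applies
         to mode="Forms". -->
    <authentication mode="Windows" />

    <!-- No <membership> section. ActiveDirectoryMembershipProvider is not
         involved in User.IsInRole() under Windows authentication, so the
         connectionUsername / connectionPassword pair from the question
         no longer has to sit in this file in clear text. -->

    <!-- Resolves roles from the Windows groups in the caller's token. -->
    <roleManager enabled="true" defaultProvider="WindowsProvider">
      <providers>
        <clear />
        <add name="WindowsProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>

    <!-- Rules are evaluated top to bottom; the first match wins.
         Role names must be domain-qualified: a bare "AppAdmins" does not
         match, which is the False result described in the question.
         DOMAIN\AppAdmins is a placeholder (assumption), not a real group. -->
    <authorization>
      <deny users="?" />                  <!-- reject anonymous callers -->
      <allow roles="DOMAIN\AppAdmins" />  <!-- members of the AD group -->
      <deny users="*" />                  <!-- everyone else -->
    </authorization>
  </system.web>
</configuration>
```

The same domain-qualified name is what a code check needs, for example User.IsInRole(@"DOMAIN\AppAdmins") in C#.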
