Very simple question actually:
实际上很简单的问题:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
我目前禁用了IIS匿名访问,用户使用Windows登录自动登录。但是,调用User.IsInRole(“Role name”)会返回false。我仔细检查了User.Identity.Name()和“角色名称”,它应该返回true。
I currently have this in my Web.Config:
我目前在我的Web.Config中有这个:
UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")
更新我正在调用User.IsInRole(“角色名称”),我应该调用User.IsInRole(“DOMAIN \ Role name”)
However I still like to know if the <membership> entry is needed at all?
但是我仍然想知道是否需要
What should I change? (and is the <membership> entry needed at all?)
我应该改变什么? (是否需要
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXX\specialAdUser"
connectionPassword="xx"
/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
<providers>
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
5 个解决方案
#1
4
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
如果您使用Windows身份验证,只要您记得将角色作为域前缀(即DOMAIN \ groupName),IsInRole就无需额外配置。
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
此外,您可以自己角色(双关语)并使用Windows身份验证,例如,SQL角色提供程序,您不希望您的AD充斥着应用程序的自定义角色。
So no, you don't need the provider configuration at all.
所以不,你根本不需要提供者配置。
#2
1
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best(only?) fit with Forms authentication.
这里的会员提供者不会提供帮助。 ActiveDirectoryMembershipProvider似乎最适合(仅?)适合Forms身份验证。
#4
0
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
非常肯定你需要的唯一东西是roleManager组(以及基本身份验证模式='windows'设置)
#5
0
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
开箱即用,没有角色提供程序直接使用Active Directory。您可以在ASP.NET成员资格和角色系统中使用角色表,也可以使用授权管理器(AzMan)。
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
有一篇关于CodeProject的文章,它展示了一个与Active Directory相关的角色提供程序的实现 - 具有完整的源代码。也许这有帮助吗?
Marc
渣子
#1
4
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
如果您使用Windows身份验证,只要您记得将角色作为域前缀(即DOMAIN \ groupName),IsInRole就无需额外配置。
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
此外,您可以自己角色(双关语)并使用Windows身份验证,例如,SQL角色提供程序,您不希望您的AD充斥着应用程序的自定义角色。
So no, you don't need the provider configuration at all.
所以不,你根本不需要提供者配置。
#2
1
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best(only?) fit with Forms authentication.
这里的会员提供者不会提供帮助。 ActiveDirectoryMembershipProvider似乎最适合(仅?)适合Forms身份验证。
#3
#4
0
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
非常肯定你需要的唯一东西是roleManager组(以及基本身份验证模式='windows'设置)
#5
0
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
开箱即用,没有角色提供程序直接使用Active Directory。您可以在ASP.NET成员资格和角色系统中使用角色表,也可以使用授权管理器(AzMan)。
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
有一篇关于CodeProject的文章,它展示了一个与Active Directory相关的角色提供程序的实现 - 具有完整的源代码。也许这有帮助吗?
Marc
渣子