ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?

杀马特。学长 韩版系。学妹 提交于 2019-12-31 22:22:42

问题


Very simple question actually:

I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.

I currently have this in my Web.Config:

UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")

However I still like to know if the <membership> entry is needed at all?

What should I change? (and is the <membership> entry needed at all?)

  <authentication mode="Windows">
      <forms
      name=".ADAuthCookie"
      timeout="10" />
  </authentication>


<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear/>
      <add
         name="ADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         connectionUsername="XXX\specialAdUser"
         connectionPassword="xx"
         />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="WindowsProvider">
  <providers>
    <clear />
      <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>

回答1:


If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.

In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.

So no, you don't need the provider configuration at all.




回答2:


The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best(only?) fit with Forms authentication.




回答3:


BlogEngine.NET has an Active Directory role provider.




回答4:


Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)




回答5:


Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).

There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?

Marc



来源:https://stackoverflow.com/questions/863080/asp-net-membership-which-roleprovider-to-use-so-user-isinrole-checks-actived

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!