Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
592 views
in Technique[技术] by (71.8m points)

active directory - Configure ASP.NET MVC for authentication against AD

What are the high level steps to authenticate users of an ASP.NET MVC application against Active Directory?

I presume something like:

  1. Modify web.config to use Windows authentication
  2. Configure web.config to use the ActiveDirectoryMembershipProvider
  3. Configure the web.config to use a custom RoleProvider that looks in AD

Does the above look sensible, and if so, where do I put the valid user detection logic?

In my case a valid user is someone on a specific AD domain.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Forms Authentication

You can use the normal forms authentication to authenticate a user against an Active Directory, for that you just need you AD connection string:

<connectionStrings>
  <add name="ADConn" connectionString="LDAP://YourConnection" />
</connectionStrings>

and add the Membership Provider to use this connection:

<membership defaultProvider="ADMembership">
  <providers>
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,
               System.Web,
               Version=2.0.0.0, 
               Culture=neutral,
               PublicToken=b03f5f7f11d50a3a"
         connectionStringName="ADConn"
         connectionUsername="domain/user"
         connectionPassword="pwd" />
  </providers>
</membership>

you will need to use username@domain to successfully authenticate the user.

Here is something to get you started


Windows Authentication

If you start your project new, you can always select Intranet application from the template and all is taken care for you

enter image description here

If you want to do it manually, you need to change:

  1. Enable Windows Authentication
  2. Disable Anonymous authentication

for detailed info on doing this on IIS7/8 and IISExpress:

IIS 7 & IIS 8

  1. Open IIS Manager and navigate to your website.
  2. In Features View, double-click Authentication.
  3. On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure Windows authentication is installed on the server.

    To enable Windows authentication on Windows: a) In Control Panel open "Programs and Features". b) Select "Turn Windows features on or off". c) Navigate to Internet Information Services > World Wide Web Services > Security and make sure the Windows authentication node is checked.

    To enable Windows authentication on Windows Server: a) In Server Manager, select Web Server (IIS) and click Add Role Services b) Navigate to Web Server > Security and make sure the Windows authentication node is checked.

  4. In the Actions pane, click Enable to use Windows authentication.

  5. On the Authentication page, select Anonymous authentication.
  6. In the Actions pane, click Disable to disable anonymous authentication.

IIS Express

  1. Right click on the project in Visual Studio and select Use IIS Express.
  2. Click on your project in the Solution Explorer to select the project.
  3. If the Properties pane is not open, open it (F4).
  4. In the Properties pane for your project: a) Set "Anonymous Authentication" to "Disabled". b) Set "Windows Authentication" to "Enabled".

In your web.config have something like

<system.web>
  <authentication mode="Windows" />

  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

and that's it!

Now, when you want the user identity, just call

@User.Identity.Name

and this will show you the DomainUsername like for me :

enter image description here

Here is something to get you started


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...