问题描述
我正在尝试使用 ASP.NET MVC 中的用户和组对 Active Directory 进行身份验证.
我已将以下属性放在我所有的类(帐户类除外)上:
该组位于活动目录中的 OU=Area->OU=Groups->OU=Company->CN=SubcontractDB 下.我假设我还需要在 web.config 中设置一个 RoleManager,我尝试按如下方式执行:
我的连接字符串是:
显然我做错了,因为这不起作用.我想要做的就是允许访问属于 AD 中某个组成员的用户.
所以我最终实现了我自己的授权属性并使用它:
然后我可以简单地使用上面的控制器或函数
注意:您可以简单地使用 new PrincipalContext(ContextType.Domain);
但是 .NET 4.0 中有一个错误会引发 (0x80005000)
userPrincpal.IsMemberOf(...)
错误.有关详细信息,请参阅此处.
如果您想知道如何根据授权失败重定向到另一个页面,请在此处查看我的答案:在ASP.NET MVC中基于控制器属性向视图模型添加错误信息>
I'm attempting to authenticate using users and groups in ASP.NET MVC against Active Directory.
I have put the following attribute on all my classes (except the account class):
This group is found under OU=Area->OU=Groups->OU=Company->CN=SubcontractDB in active directory. I'm assuming I also need to setup a RoleManager in web.config which I've attempted to do as follows:
My connection string is:
Obviously I'm doing it wrong as this doesn't work. All I want to do is allow access to users that are a member of a certain group in AD.
So I ended up implementing my own authorize attribute and using that:
And then I can simply use the following above controllers or functions
NB: You could simply use new PrincipalContext(ContextType.Domain);
however there is a bug in .NET 4.0 that throws a (0x80005000)
error at userPrincpal.IsMemberOf(...)
. See here for details.
If you would like to know how to redirect to another page based on failed authorization, check my answer here: Adding an error message to the view model based on controller attribute in ASP.NET MVC
这篇关于ASP .NET MVC 表单授权与 Active Directory 组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!