asp.net-mvc ASP.NET MVC - 根据 Active Directory 对用户进行身份验证,但需要输入用户名和密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6147864/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ASP.NET MVC - Authenticate users against Active Directory, but require username and password to be inputted
提问by munchrall
I'm developing a MVC3 application that will require a user to be authenticated against an AD. I know that there is the option in MVC3 to create an Intranet Application that automatically authenticates a user against an AD, but it uses Windows Authentication and automatically logs them on. This application may be accessed on 'Open' workstations where the user will need to enter their Domain Username and Password. Any examples or online tutorial would be great. An example project would be exceptional.
我正在开发一个 MVC3 应用程序,它将要求用户根据 AD 进行身份验证。我知道 MVC3 中有一个选项可以创建一个 Intranet 应用程序,该应用程序可以根据 AD 自动对用户进行身份验证,但它使用 Windows 身份验证并自动登录。此应用程序可以在“开放”工作站上访问,用户需要在其中输入他们的域用户名和密码。任何示例或在线教程都会很棒。一个示例项目将是例外。
采纳答案by Khepri
You can use the standard Internet application template with forms authentication and insert an ActiveDirectoryMembershipProviderinto the web.config:
您可以将标准 Internet 应用程序模板与表单身份验证一起使用,并将 插入ActiveDirectoryMembershipProvider到web.config:
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://YOUR_AD_CONN_STRING" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/Account/LogOn"
timeout="15" slidingExpiration="false" protection="All" />
</authentication>
<membership defaultProvider="MY_ADMembershipProvider">
<providers>
<clear />
<add name="MY_ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName" />
</providers>
</membership>
</system.web>
In this way you get the Internet application template login form, and it validates against AD for you.
通过这种方式,您可以获得 Internet 应用程序模板登录表单,它会为您验证 AD。
Then it's just a matter of some AccountControllercleanup to remove reset password/change password/register functionality leaving just Login.
然后只需进行一些AccountController清理即可删除重置密码/更改密码/注册功能,只留下登录。
回答by cpoDesign
As mentioned above, you can use the membership provider defined in the web.config file.
如上所述,您可以使用 web.config 文件中定义的成员资格提供程序。
The code below is within the implementation of the 'AccountController' from the MVC 3 Template code and has been slightly modified to work with ActiveDirectory:
下面的代码在 MVC 3 模板代码中的“AccountController”的实现中,并且已经稍微修改以与 ActiveDirectory 一起使用:
[HttpPost]
public ActionResult LogOn( LogOnModel model, string returnUrl )
{
if( ModelState.IsValid )
{
// Note: ValidateUser() performs the auth check against ActiveDirectory
// but make sure to not include the Domain Name in the User Name
// and make sure you don't have the option set to use Email Usernames.
if( MembershipService.ValidateUser( model.UserName, model.Password ) )
{
// Replace next line with logic to create FormsAuthenticationTicket
// to encrypt and return in an Http Auth Cookie or Session Cookie
// depending on the 'Remember Me' option.
//FormsService.SignIn( model.UserName, model.RememberMe );
// Fix this to also check for other combinations/possibilities
if (!String.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
If using .NET 3.5 -- then read this articlefor the alternative:
如果使用 .NET 3.5——然后阅读这篇文章以了解替代方案:
