windows 使用 Active Directory / LDAP 的表单身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7002807/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Forms Authentication Using Active Directory / LDAP
提问by Matt Cashatt
First off--thanks for having a look.
首先--感谢您的观看。
MY QUESTION
我的问题
In a .NET web app, is using Windows Authentication for a extra-net on a WAN consisting of various users, companies, user-agents, etc a bad idea?
在 .NET Web 应用程序中,对由各种用户、公司、用户代理等组成的 WAN 上的外联网使用 Windows 身份验证是一个坏主意吗?
BACKGROUND
背景
I am lead dev on a fast track (very fast) web application for an extra-net that will allow the client's vendors, suppliers, partners, etc to log on and push and pull certain assets such as image files, videos, flash files, etc.
我是一个快速通道(非常快)Web 应用程序的首席开发人员,该应用程序将允许客户的供应商、供应商、合作伙伴等登录并推送和拉取某些资产,例如图像文件、视频、Flash 文件、等等。
PLATFORM/TECHNOLOGY
平台/技术
Asp.Net 4.0, C#, MVC3
Asp.Net 4.0、C#、MVC3
PROBLEM (Maybe)
问题(也许)
The client's IT department has requested that the app use Windows Authentication to authenticate users. One of the reasons for this (they say) is that the assets that will be pushed/pulled by users reside on a third-party server (Signiant) which already uses credentials form their active directory to authenticate users.
客户的 IT 部门已请求应用程序使用 Windows 身份验证来验证用户。这样做的原因之一(他们说)是由用户推送/拉取的资产驻留在第三方服务器(Signiant)上,该服务器已经使用来自其活动目录的凭据来验证用户。
MY VIEW
我的看法
Windows Authentication is going to cause a bunch of headaches. Viewed as a stack, this app will sit on top of the third-party server. So if we use Forms authentication, we can just populate a data table with windows credentials for each user and pass those to Signiant's servers with our requests (you have to do this anyway). If possible, we can even make an LDAP call for the creds on the fly and then pass those to Signiant's servers.
Windows 身份验证会引起一堆麻烦。作为一个堆栈,这个应用程序将位于第三方服务器的顶部。因此,如果我们使用 Forms 身份验证,我们只需为每个用户填充一个带有 Windows 凭据的数据表,然后将这些凭据与我们的请求一起传递到 Signiant 的服务器(无论如何您都必须这样做)。如果可能,我们甚至可以即时调用 LDAP 获取凭证,然后将它们传递给 Signiant 的服务器。
It just seems to me that simple functionality such as "lost password" would be come extremely difficult if we are doing the Windows Auth thing. But, full disclosure, I have never built an Asp.Net app using Windows Authentication so what do I know??
在我看来,如果我们正在执行 Windows 身份验证,那么诸如“丢失密码”之类的简单功能将变得非常困难。但是,完全公开,我从未使用 Windows 身份验证构建过 Asp.Net 应用程序,我知道什么?
Thanks!
谢谢!
Matt
马特
UPDATE 8/12/11
更新 8/12/11
I still don't have an answer as to whether you shoulddo this, but the client is adamant that it must be this way. The app is supposed to be turned over in a month so I will come back and let any followers of this topic know my findings.
关于您是否应该这样做,我仍然没有答案,但客户坚持必须这样做。该应用程序应该会在一个月内上架,所以我会回来让这个主题的任何关注者知道我的发现。
采纳答案by Frazell Thomas
ASP.NET has built in support for doing AD Authentication using Forms Authentication, including password recovery.
ASP.NET 内置了对使用表单身份验证进行 AD 身份验证的支持,包括密码恢复。
