My current application uses the PrincipalContext class to authenticate a default user (filled in in the Web.config dedicated section) against an LDAP (and more precisely an Active Directory):
ldapContext = new PrincipalContext(AdContextType, AdHost, AdContainer,
                                   ContextOptions.SimpleBind,
                                   AdDefaultUser, AdDefaultPassword);
This authentication then allows searching for any other user (via UserPrincipal.FindByIdentity(ldapContext, username)). BUT I have to change this, since having a user in clear in the Web.config is not acceptable for my client. OK, I can understand that :-))
So I have several solutions:

- manage to encrypt the corresponding part of the Web.config (the membership part, with providers etc)
- use the account from the application pool of the IIS 7 on which the application is deployed. This implies retrieving a Principal from IIS (I guess this point should not be so hard), then using it for authentication against the AD; but I could not find any method for that, neither via the PrincipalContext class nor via the ActiveDirectoryMembershipProvider one.

Do you know how to manage either of these 2 solutions, or can you think of any other?
Thanks a lot!!

I think the username is not your problem, but rather the password? As far as I can tell the second solution won't work. There is no way that I know of to do this.
For the first solution you can encrypt the username and the password and store the encrypted values in a string. After loading you will need to decrypt the strings. But your solution will not be safe against disassembly.
You should also consider that if you need a high-security implementation, you may store the encryption key in a secure store. Then you will be safer against disassembly.
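
An added example, not part of the original question or answer: the first solution done with ASP.NET's built-in protected configuration instead of hand-rolled string encryption, so the key sits in a Windows RSA key container rather than in the assembly. The class name, the virtual path "/MyApp" and the choice of the "system.web/membership" section are assumptions for illustration.

```csharp
using System.Configuration;
using System.Web.Configuration;

public static class ConfigProtector
{
    // Built-in protected-configuration provider. Its RSA key container is
    // held by Windows, not by the application or the Web.config file.
    private const string Provider = "RsaProtectedConfigurationProvider";

    // Encrypts one section of the application's Web.config on disk.
    // Returns true if the section was encrypted by this call,
    // false if it was already protected.
    // virtualPath and sectionName are assumptions supplied by the caller,
    // e.g. "/MyApp" and "system.web/membership".
    public static bool EnsureProtected(string virtualPath, string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(virtualPath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ConfigurationErrorsException("Section not found: " + sectionName);

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected)
            return false;   // already stored as ciphertext
        if (info.IsLocked)
            throw new ConfigurationErrorsException("Section is locked: " + sectionName);

        info.ProtectSection(Provider);
        info.ForceSave = true;                        // write even if otherwise unmodified
        config.Save(ConfigurationSaveMode.Modified);  // needs write access to Web.config
        return true;
    }
}

// Run once at deployment under an account that may write Web.config:
//   ConfigProtector.EnsureProtected("/MyApp", "system.web/membership");
// The application keeps reading the section through the normal configuration
// API; decryption happens transparently when the section is loaded.
```

The application pool account needs read access to the key container, which can be granted with `aspnet_regiis -pa "NetFrameworkConfigurationKey" "<app pool account>"` (the account name is a placeholder). Anyone who can run code as that account on the server can still read the decrypted values, so this protects the file at rest, not a compromised host.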