I'm working on getting an MVC app up and running via AD Membership Provider and I'm having some issues figuring this out. I have a base configuration setup and working when I login as foo@my.domain.com + password.
<connectionStrings>
  <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
</connectionStrings>
<membership defaultProvider="MyProvider">
  <providers>
    <clear />
    <add name="MyProvider" connectionStringName="MyConnString"
         connectionUsername="my.domain.com\service_account"
         connectionPassword="biguglypassword"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
However, I'd LIKE to do some other things and I'm not sure how to go about them.
- Login without typing the domain (i.e. the "@my.domain.com"). I realize that this could only work if I limit myself to just one domain - that's fine.
- Organize users in up to N different OUs within a single OU. As you can tell from my current connection string, I'm authenticating users in my "Product Users" OU. I would LIKE to create OUs for various companies within this OU and put the users into those OUs. How can I authenticate across all of these different OUs?
- I'm trying to figure out how the Active Directory Membership Provider ties in with the Profile and Role providers. Are there AD versions of those too or am I stuck with SQL, home-grown, or finding something somebody else has coded up?
Many thanks!!
In response to point 3:
I answered a similar question about this a while back: "How can i implement a role-hierarchy in an asp.net mvc app using activedirectorymembershipprovider".
There is the WindowsTokenRoleProvider that should provide you with details of the user's roles from AD - it's a read-only provider, and only provides methods for IsUserInRole and GetRolesForUser, but may be sufficient for your needs.
For item #1, I found my answer. I need to add attributeMapUsername="sAMAccountName":
<add name="MyProvider" connectionStringName="MyConnString"
     attributeMapUsername="sAMAccountName"
     connectionUsername="my.domain.com\service_account"
     connectionPassword="biguglypassword"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
In response to point 2:
I had the same problem, so what I did was remove the OU from the connection string. Something like this:
<add name="MyConnString" connectionString="LDAP://domaincontroller/DC=my,DC=domain,DC=com" />
Now, I can authenticate users across all of these different OUs.
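With the connection string pointing at the domain root, every account in the domain can pass ValidateUser, not only those under "Product Users". As an added example (not code from the post or from the provider), the following System.DirectoryServices lookup resolves a sAMAccountName anywhere in the subtree and returns its distinguishedName, so the application can confirm the account still lives under the intended container after the membership check; the rootPath, container DN and host being domain-joined are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Assumption: runs on a domain-joined host with System.DirectoryServices referenced.
static class OuScopedLookup
{
    // Searches the whole subtree below rootPath (e.g. "LDAP://domaincontroller/DC=my,DC=domain,DC=com")
    // for one user by sAMAccountName and returns its distinguishedName, or null if not found.
    public static string FindUserDn(string rootPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.Subtree;
            // Escape filter metacharacters so the login name cannot change the query shape.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            return result == null ? null : (string)result.Properties["distinguishedName"][0];
        }
    }

    // True when dn is inside containerDn at any depth, e.g. a user in
    // "OU=CompanyA,OU=Product Users,DC=my,DC=domain,DC=com" matches container
    // "OU=Product Users,DC=my,DC=domain,DC=com" (constructed sample values).
    public static bool IsUnderContainer(string dn, string containerDn)
    {
        return dn != null
            && dn.EndsWith("," + containerDn, StringComparison.OrdinalIgnoreCase);
    }

    // RFC 4515 escaping for values embedded in an LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
}
```

Call FindUserDn only after Membership.ValidateUser has succeeded, then reject the login when IsUnderContainer returns false; the password check itself stays with the provider.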