Question
I am currently designing a Membership/Profile scheme for a new project I am working on and I was hoping to get some input from others.
The project is an ASP.NET web application and due to the short time frame, I am trying to use any and all built-in .NET framework components I can. The site will probably entertain < 5000 users. Each user will have a profile where custom settings and objects will be persisted between visits.
I am required to use an existing Active Directory for authentication. Since the AD schema cannot be extended to hold new fields, I am required to hold user settings and objects in a different data store. I have also been told ADAM is probably not a possible solution.
I was hoping to use the Active Directory Membership Provider for my authentication scheme and the SQL Profile Provider as a user profile data store. I would prefer not to build a custom profile provider, but I do not see this posing much of a problem if need be.
I was wondering if this is even a possible solution, and if so, has anyone had any luck with this approach.
Any comments would be greatly appreciated.
Thanks.
Answer 1:
First off - I've never done this myself.
There's a really excellent series (14 !! parts) on the whole topic of ASP.NET 2.0 membership, roles and profile provider systems by Scott Mitchell at 4 Guys from Rolla.
According to my understanding, you should be able to configure this behavior you are looking for by using basically these two sections in your web.config:
    <!-- configure Active Directory membership provider -->
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider,
                   System.Web, Version=2.0.3600, Culture=neutral,
                   PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <!-- configure SQL-based profile provider -->
    <profile defaultProvider="SqlProvider">
      <providers>
        <add name="SqlProvider"
             type="System.Web.Profile.SqlProfileProvider"
             connectionStringName="SqlProfileProviderConnection"
             applicationName="YourApplication" />
      </providers>
      <!-- specify any additional properties to store in the profile -->
      <properties>
        <add name="ZipCode" />
        <add name="CityAndState" />
      </properties>
    </profile>
I would think this ought to work :-)
Answer 2:
In addition to this, as replied by Marc:
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,
               System.Web, Version=2.0.3600, Culture=neutral,
               PublicKeyToken=b03f5f7f11d50a3a" />
you might also need to add
    connectionStringName="ADService"
    attributeMapUsername="sAMAccountName"
with the corresponding connection string
    <connectionStrings>
      <add name="ADService" connectionString="LDAP://ServerIP" />
    </connectionStrings>
If you are using .NET 4.0 then you will need to replace
Version=2.0.3600
with
Version=4.0.0.0
So finally,
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             connectionStringName="ADService"
             type="System.Web.Security.ActiveDirectoryMembershipProvider,
                   System.Web, Version=4.0.0.0, Culture=neutral,
                   PublicKeyToken=b03f5f7f11d50a3a"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
and since it is set as default, it can be referenced as:
MembershipProvider provider = Membership.Provider;
Answer 3:
Thanks for the information, it's helped a lot. Also, rather than setting the default provider with MembershipProvider provider = Membership.Provider;
you can set it within the membership tag.
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
I've also written a small how-to and a download to a Visual Studio Project and Source configured to use AspNetActiveDirectoryMembershipProvider.
ASP.NET Forms Based Authentication - using AspNetActiveDirectoryMembershipProvider
Answer 4:
I am using Visual Studio 2012 and tried to do as suggested, but an error is shown:
To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
So I discovered that a few changes should be done to the default login form on the VS2012 with MVC 4 and entity framework as follows:
on file "AccountController.cs"

on the "public ActionResult Login(LoginModel model, string returnUrl)"
Change the
    if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
for
    if (ModelState.IsValid && Membership.Provider.ValidateUser(model.UserName, model.Password))

on the "public ActionResult LogOff()"
Change the
    WebSecurity.Logout();
for
    FormsAuthentication.SignOut();

and add the following: FormsAuthentication.SetAuthCookie(model.UserName, false);
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // Validate the credentials against the default membership provider
        if (ModelState.IsValid && Membership.Provider.ValidateUser(model.UserName, model.Password))
        {
            // Issue a non-persistent forms-authentication cookie
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            return RedirectToLocal(returnUrl);
        }
        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }
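An added example, not part of any answer above: reading and writing the SQL-backed profile for a user who signed in through the Active Directory provider, in the MVC style of Answer 4. The controller name, the input limits and the views are assumptions; ZipCode and CityAndState are the profile properties declared in Answer 1.

```csharp
using System.Web.Mvc;
using System.Web.Profile;

// Added example (hypothetical controller, not from the answers above).
// Assumes the <membership> and <profile> sections shown in the answers,
// with the ZipCode and CityAndState profile properties declared.
[Authorize] // only users who passed the Active Directory login get here
public class ProfileSettingsController : Controller
{
    // Load the profile of the signed-in user. The key is the name from
    // the forms-authentication ticket, never a request parameter, so a
    // user cannot read or overwrite another user's profile.
    private ProfileBase CurrentProfile()
    {
        return ProfileBase.Create(User.Identity.Name, true);
    }

    [HttpGet]
    public ActionResult Edit()
    {
        ProfileBase profile = CurrentProfile();
        ViewBag.ZipCode = (string)profile.GetPropertyValue("ZipCode");
        ViewBag.CityAndState = (string)profile.GetPropertyValue("CityAndState");
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken] // the form must emit @Html.AntiForgeryToken()
    public ActionResult Edit(string zipCode, string cityAndState)
    {
        // Bound the input before persisting; these limits are illustrative.
        if (string.IsNullOrWhiteSpace(zipCode) || zipCode.Length > 10)
            ModelState.AddModelError("zipCode", "Enter a valid zip code.");
        if (cityAndState != null && cityAndState.Length > 100)
            ModelState.AddModelError("cityAndState", "Value is too long.");
        if (!ModelState.IsValid)
            return View();

        ProfileBase profile = CurrentProfile();
        profile.SetPropertyValue("ZipCode", zipCode);
        profile.SetPropertyValue("CityAndState", cityAndState ?? string.Empty);
        profile.Save(); // persisted through the configured SqlProfileProvider
        return RedirectToAction("Edit");
    }
}
```

In a web application project the strongly typed Profile class is not generated, which is why the example goes through ProfileBase and property names as strings.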
Source: https://stackoverflow.com/questions/895002/asp-net-active-directory-membership-provider-and-sql-profile-provider