NTLM/Windows 身份验证和 GetAllUsers()
我正在设计一个将在 Intranet 上使用的 Web 应用程序,因此 Windows 身份验证模式是理想的选择。 但是,应用程序的一部分需要能够获取用户列表(以选择要分配的用户)。Membership.GetAllUsers() 不适用于(单独)Windows 身份验证。我无法使用 ActiveDirectoryMembershipProvider,因为我不允许存储要绑定的凭据;因此任何 AD 访问都必须以经过身份验证的用户身份进行,
我已经断断续续地搜索了几个星期,以寻找明确的示例或解决方案,并且我正在开始。认为世界上没有人有同样的问题。
我唯一的选择是使用 Application_AuthenticateRequest 并将“会员资格”的两个世界连接到“Windows 身份验证”吗?但是我如何获取其他地方的“所有”用户列表?应用程序是否有冒充调用用户的 ActiveDirectoryMembershipProvider?
I'm designing a web app which will be used on an intranet so Windows authentication mode is ideal. However, part of the app would need the ability to get a list of users (to pick users for assignments. Membership.GetAllUsers() doesn't apply (on its own) with windows-authentication. I can't use ActiveDirectoryMembershipProvider because I won't be allowed to store credentials to bind with; so any AD access would have to be done as the authenticated user.
I've searched off and on for weeks for a clear cut example or solution to this, and I'm beginning to think that nobody in the world has this same problem.
Is my only option to use Application_AuthenticateRequest and connect the two worlds of "membership" to "windows auth"? But then how do I get a list of "all" users elsewhere in the app? Is there an ActiveDirectoryMembershipProvider which impersonates as the calling user?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
AD 可以包含大量用户 - 因此在一般情况下列出所有用户通常是不切实际的。
如果您正在设计一个 UI 来选择用户(例如分配角色),我会执行类似于现有 Windows UI 的操作来选择 AD 用户或组。 例如,输入几个字符并按名字、姓氏或常用名搜索匹配项。 显示所有匹配项(最多可达某个最大值 - 比如说 1000)并让用户从中进行选择。
AD can contain a very large number of users - so in the general case it's not usually practical to list all users.
If you're designing a UI to pick users (e.g. for assignment to roles) I'd do something similar to the existing Windows UI's to select an AD User or Group. For example, enter a few characters and search for matches by first name, last name or common name. Display all matches (up to some maximum - say 1000) and let the user pick from these.