Is there such a thing as a "fully qualified" username in the context of Windows Authentication?
My web-app is hosted on mydomain, with the following URI associated with the domain: blah.net.

I can log in using either of the following usernames:
- mydomain\ben
- [email protected]

What are the names of each of these types of login (and are there any differences), within the context of Windows Authentication?

Comments (3)

ben (in mydomain\ben) is the SAM account name. ("SAM" is short for Security Account Manager, the old Windows NT account system.) I don't know if there is a name for the entire "mydomain\ben" construct.

[email protected] is called UPN or User Principal Name, where "blah.net" is the UPN suffix.

In Active Directory there is also something called DN or Distinguished Name, which for ben would probably be CN=ben,OU=Users,DC=blah,DC=net. This is the closest to "fully qualified" name I think you get. It describes both the name of the object (the CN part) and the container (OU part) where it resides within the Active Directory as well as the DNS domain name (DC part) of the Active Directory.

Of those three, the DN is the ONLY one that can be used to bind directly to the LDAP user object without having any other information. Using the UPN you have to know a domain controller to query. (It is possible to get to the object from the Domain\SamAccountName as well, but it requires first finding the domain controller for Domain and then doing a search for the object with the given SamAccountName).

According to Microsoft's User Name Formats documentation:
- mydomain\ben is called the Down-Level Logon Name
- [email protected] is called the User Principal Name

The formats known to GetUserNameEx are listed in the EXTENDED_NAME_FORMAT enumeration.

I think there is a length restriction on SAM compatible names that can sometimes be overcome with UPN format.
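
An added example (not part of any answer above, and not Microsoft's code): a small Python classifier for the three name forms discussed in this thread, labelled with the matching EXTENDED_NAME_FORMAT member names. The function names, the result dictionary and the sample inputs, including the UPN ben@blah.net, are constructed for illustration.

```python
import re

# Format labels reuse member names from the Windows EXTENDED_NAME_FORMAT enumeration.
SAM, UPN, DN, UNKNOWN = ("NameSamCompatible", "NameUserPrincipal",
                         "NameFullyQualifiedDN", "NameUnknown")

# Split a DN on commas that are not escaped with a backslash (e.g. "CN=Doe\, Ben").
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Return a list of (attribute, value) pairs, or None if `dn` is not a DN."""
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr or not value:
            return None
        pairs.append((attr.upper(), value.replace("\\,", ",")))
    return pairs


def classify(name):
    """Classify a logon string and split it into user / domain parts."""
    name = name.strip()
    pairs = parse_dn(name)
    if pairs and pairs[0][0] == "CN" and any(a == "DC" for a, _ in pairs):
        # The DC components, joined with dots, give the AD DNS domain name.
        dns = ".".join(v for a, v in pairs if a == "DC")
        ou = [v for a, v in pairs if a == "OU"]
        return {"format": DN, "user": pairs[0][1], "domain": dns.lower(), "ou": ou}
    if name.count("\\") == 1 and "@" not in name:
        # Down-level logon name: domain before the backslash, SAM account name after.
        domain, user = name.split("\\")
        if domain and user:
            return {"format": SAM, "user": user, "domain": domain.lower()}
    if "@" in name and "\\" not in name:
        # Split on the last "@": the UPN suffix follows it.
        user, _, suffix = name.rpartition("@")
        if user and suffix:
            return {"format": UPN, "user": user, "domain": suffix.lower()}
    return {"format": UNKNOWN, "user": name, "domain": None}


if __name__ == "__main__":
    # Constructed sample inputs based on the names used in this thread.
    for sample in (r"mydomain\ben", "ben@blah.net", "CN=ben,OU=Users,DC=blah,DC=net"):
        print(sample, "->", classify(sample))
```

Treat the three domain values as different namespaces when correlating log entries: the down-level form carries the NetBIOS domain name, and a UPN suffix need not equal the DNS domain derived from the DC components.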