我可以使用表单身份验证对 AD 组进行授权吗？

发布于 2024-12-05 03:09:51 字数 1247 浏览 2 评论 0原文

我正在尝试在 ASP .NET MVC3 Web 应用程序中针对 Active Directory 向用户授权。我不仅想强制用户登录并针对目录中的用户进行授权，而且还想针对用户所在的组对用户进行授权，大致如下：

[Authorize(Roles = @"DOMAIN\Group")]

我看到的每个示例都适用于 Windows验证。我正在使用表单身份验证。我的 Web.config 的重要部分如下：

<add name="ADConnectionString" connectionString="LDAP://blahblahblah" />

<authentication mode="Forms">
  <forms name="AD" loginUrl="~/Account/LogOn" />
</authentication>

<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear />
    <add name="ADMembershipProvider" 
         type="System.Web.Security.ActiveDirectoryMembershipProvider" 
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider"
    />
  </providers>
</roleManager>

我当前收到一条错误消息：

仅当用户名参数与用户匹配时才支持该方法当前 Windows 标识中的名称。

是否可以使用表单身份验证来执行此操作？我应该如何配置我的应用程序？

原文

I am attempting to authorise users against Active Directory in my ASP .NET MVC3 web application. Not only do I want force the user to login and authorise that against the users in the directory, but I also want to authorise users against the groups they are in, along the lines of this:

[Authorize(Roles = @"DOMAIN\Group")]

Every example I'm seeing does it for Windows authentication. I am using Forms authentication. The important parts of my Web.config are as follows:

<add name="ADConnectionString" connectionString="LDAP://blahblahblah" />

<authentication mode="Forms">
  <forms name="AD" loginUrl="~/Account/LogOn" />
</authentication>

<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear />
    <add name="ADMembershipProvider" 
         type="System.Web.Security.ActiveDirectoryMembershipProvider" 
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider"
    />
  </providers>
</roleManager>

I currently get an error that says