All geek questions in one place

Membership in Intranet MVC3

I am creating an MVC3 Intranet application using the default MembershipProvider, ProfileProvider and RoleProvider connected to the SQL Server DB. If I use forms authentication, the role provider populates correctly. When I switch to Windows authentication, the role provider no longer populates. This is verified by setting a breakpoint in the code and viewing "Roles .GetRolesForUser ()". What I suspect is that the user ID that is being passed to the database is "DOMAIN \ USERID" (this is what is in User.Identity.Name), while what is in the database is is just a user id.

Since everything is by default, there is not much code to publish.

<authentication mode="Windows" /> <authorization> <deny users="?"/> </authorization> <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <clear /> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> </providers> </membership> <profile> <providers> <clear /> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" /> </providers> <properties></properties> </profile> <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider" cacheRolesInCookie="true"> <providers> <clear /> <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" /> <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" /> </providers> </roleManager>

My first thought: is it possible to simply delete the domain before the identifier is passed to the membership provider, but only the username .Identity.Name.

What would be the best way to fix this without modifying my entire database to have a domain \ userid, and not just userid? Is it possible to do this without having to create your own membership / profile / role provider?

+4
source share
1 answer

If you just want to use Windows Authentication, then you do not want to use SqlRoleProvider, but instead want to use WindowsTokenRoleProvider, which will return the AD roles. (There is no reason to use a membership provider, because when using Windows authentication, you cannot access the site without authentication)

If you want to use Windows Authentication but use SqlRoles, you probably want to do something like this:

http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx

+1
source

Source: https://habr.com/ru/post/1434608/

More articles:


All Articles