Authentication of multiple organizational units in Active Directory

I am using the Active Directory Membership Provider with the following configuration:

  <connectionStrings>
    <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" />
  </connectionStrings>

  <membership defaultProvider="MyProvider">
    <providers>
      <clear />
      <add name="MyProvider" connectionStringName="MyConnString"
           connectionUsername="my.domain.com\service_account"
           connectionPassword="biguglypassword"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>

This works great, except that all my users should be in the Product Users division when I would like all my users to be organized into different subsidiaries within our Product Users division. Is it possible?

(Note that this is a partial report of this question, but the question I ask here was never answered here.)

+3
1 answer

AD , . , , ...

:

LDAP://domaincontroller/OU = , DC = my, DC = domain, DC = com

, .

Windows :

<!-- use windows authentication -->
<authentication mode="Windows" />

<!-- use the Windows role provider -->    
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />

<!-- global authorization rules -->
<authorization>
    <allow roles="Domain Admins, Product Users"/>
    <deny users="*" />
</authorization>

OU " " .

, ....

if (User.IsInRole("Product Admins"))
{
   // do something groovy
}
else
{
   // SecurityException is defined in the System.Security namespace
   throw new SecurityException();
}

...

, , , , ( ).

: .

: / .

+1

Source: https://habr.com/ru/post/1747598/

