This is how to do it with forms authentication in Web Forms apps, so it may need some adapting for MVC. Use the ASP.NET membership and roles engine. Set up the provider to use the Active Directory Membership provider AND ALSO use forms for authentication.

    <authentication mode="Forms">
      <forms name=".ADAuthCookie"
             timeout="10"
             loginUrl="Login.aspx"
             defaultUrl="Default.aspx">
      </forms>
    </authentication>

or something like it....
The provider setup will look something like this:

    <membership defaultProvider="DomainLoginMembershipProvider">
      <providers>
        <add name="DomainLoginMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             connectionUsername="domainuser"
             connectionPassword="pwd"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="false"/>
      </providers>
    </membership>

The connection protection, user name and pwd are for the account that has access to query AD on behalf of the system. Depending on the security of your network this may have to be set up or you won't be able to query AD to authenticate the user.
Your connection string will look something like:

    <connectionStrings>
      <add name="ADConnectionString"
           connectionString="LDAP://servername:port#/DC=domainname"/>
    </connectionStrings>

The connection string can take many forms so you may have to research it for your environment.
For the login page you might have to execute the authentication method and test...

    e.Authenticated = Membership.ValidateUser(username, password);
    if (e.Authenticated == false)...

Stefan Schackow's book "Professional ASP.NET 2.0 Security, Membership, and Role Management" has good coverage of using AD Membership (Chapter 12). It's not in the context of MVC but the configuration and setup would be the same.
Fight the dragon too long and you become the dragon yourself; gaze into the abyss too long and the abyss will gaze back…
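
The login-page check sketched above, written out as an added example that is not part of the original answer: a Web Forms code-behind whose Authenticate handler calls the configured ActiveDirectoryMembershipProvider and fails closed when the directory cannot be queried. The class name `LoginPage`, the control ID `LoginControl` and the handler name are assumptions; the page markup is assumed to contain `<asp:Login ID="LoginControl" runat="server" OnAuthenticate="LoginControl_Authenticate" />`.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for Login.aspx (hypothetical class, control and handler names).
public partial class LoginPage : Page
{
    protected void LoginControl_Authenticate(object sender, AuthenticateEventArgs e)
    {
        Login login = (Login)sender;

        // With attributeMapUsername="sAMAccountName" the provider looks the
        // user up by the plain account name, so surrounding whitespace is trimmed.
        string username = (login.UserName ?? string.Empty).Trim();
        string password = login.Password ?? string.Empty;

        // Default to "not authenticated"; only a successful directory
        // check below may change this.
        e.Authenticated = false;

        if (username.Length > 0 && password.Length > 0)
        {
            try
            {
                // Delegates to the defaultProvider from <membership>, which
                // validates the credentials against Active Directory.
                e.Authenticated = Membership.ValidateUser(username, password);
            }
            catch (Exception ex)
            {
                // Directory unreachable or provider misconfigured: fail closed.
                // Record the error without the password or the raw exception
                // text ever reaching the browser.
                Trace.Warn("Login", "AD membership provider error", ex);
            }
        }

        if (!e.Authenticated)
        {
            // Same message for unknown user, wrong password and directory
            // errors, so the response does not reveal which accounts exist.
            login.FailureText = "Login failed. Check your user name and password.";
        }
        // When e.Authenticated is true the Login control issues the forms
        // cookie (.ADAuthCookie in the config above) and redirects.
    }
}
```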