需求:
1. 认证要基于AD
2. 登入方式要页面的方式(form)
3. 添加自定义验证逻辑
方案:
根据需求可以很快明白,实际就是个“基于AD的FORM认证”。具体步骤如下:
1. 修改web.config
添加“<connectionStrings>”
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://my.ad/OU=组织机构,DC=my,DC=ad" />
</connectionStrings>
添加" <membership>"
<membership defaultProvider="ADMembership"> <providers> <clear /> <add name="ADMembership" type="MyADMembershipProvider, MyADMembership, Version=1.0.0.0, Culture=neutral, PublicKeyToken=d7c670baa61f04c6" attributeMapUsername="SAMAccountName" connectionStringName="ADConnectionString" connectionUsername="****" connectionPassword="****" /> </providers> </membership>
2. 添加自定义验证逻辑代码,这里主要是继承了“ActiveDirectoryMembershipProvider” 类
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Web.Security; using System.Data; using System.Data.OracleClient; using System.Web; using System.Web.UI; using System.Diagnostics; namespace MyADMembership { public class MyADMembershipProvider : ActiveDirectoryMembershipProvider { public override bool ValidateUser(string username, string password) { bool bv = base.ValidateUser(username, password);//调用父类验证方法
//自定义验证逻辑
...... } } }
3. 部署dll到GAC,重启iis
4. 在管理中心修改认证方式,修改管理员
5. 登入验证