//来源:http://www.cnblogs.com/jindahao/archive/2012/05/07/2487351.html
需求:
1. 认证要基于AD
2. 登入方式要页面的方式(form)
3. 添加自定义验证逻辑
方案:
根据需求可以很快明白,实际就是个“基于AD的FORM认证”。具体步骤如下:
1. 修改web.config
添加“<connectionStrings>”
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://my.ad/OU=组织机构,DC=my,DC=ad" />
</connectionStrings>
添加" <membership>"
<membership defaultProvider="ADMembership">
<providers>
<clear />
<add name="ADMembership" type="MyADMembershipProvider, MyADMembership, Version=1.0.0.0, Culture=neutral, PublicKeyToken=d7c670baa61f04c6"
attributeMapUsername="SAMAccountName" connectionStringName="ADConnectionString" connectionUsername="****" connectionPassword="****" />
</providers>
</membership>
2. 添加自定义验证逻辑代码,这里主要是继承了“ActiveDirectoryMembershipProvider” 类
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Security;
using System.Data;
using System.Data.OracleClient;
using System.Web;
using System.Web.UI;
using System.Diagnostics;
namespace MyADMembership
{
public class MyADMembershipProvider : ActiveDirectoryMembershipProvider
{
public override bool ValidateUser(string username, string password)
{
bool bv = base.ValidateUser(username, password);//调用父类验证方法
//自定义验证逻辑
......
}
}
}
3. 部署dll到GAC,重启iis
4. 在管理中心修改认证方式,修改管理员
5. 登入验证
原文:http://www.cnblogs.com/TNSSTAR/p/4351854.html