Active User objects and the membership Directory
The problem that we often encounter in the programming technology of the website is how to track the user's information, especially
is when the number of users as high as millions of, can be very convenient to manage users and also requires
Server's high performance. The following is an introduction to using AUO (Active User Objects) technology to implement this functionality.
Introduction to some basic concepts:
First of all, the solution we use is the Microsoft Membership Directory that Microsoft offers,
It is installed with the site server. Once the site Server is installed, you will have the ability to manage millions users
and optimization of the number of visits is extremely frequent.
This specific technical details can be found in the Site Server documentation, and now we are just beginning to understand the technology.
The technology under MMD (Microsoft membership Directory) is that Ldap,ldap is a method for querying and
The protocol standard for managing object databases. This standard provides a directory for storing and retrieving information.
and Microsoft provides a mechanism to access this directory structure--ADSI (Active directory Service interfaces), ADSI
Provides a COM object model to manage items in a directory, while ADSI also has access to some other directory service structures, such as
NT security database, Novell DSN directory, and so on, which I have mentioned many times in the previous article.
In addition, using ADSI, you can also access ADO to invoke the data in the relational database.
Now let's briefly introduce AUO (active user Objects, active Users object). As another part of site server,
It provides us with a simple mechanism for obtaining information about site visitors and visitors via ASP, which is stored in one or
Multiple datastores (also known as AUO providers).
Note that the main AUO provider is usually membership Directory, and what we use ADSI to access is generally called
The secondary secondary AUO provider (and the user's data is stored in these databases).
As you can imagine, saving more than one user's information means having the ability to have security settings.
Now the main interest in this article is how to constrain and gain access to our web site methods.
Security issues with the website
When a user anonymous access to a Web page, generally they use permissions is an anonymous user's permissions, the default is Iusr_systemname
And the permissions they have are simply the permissions that are set on the user account Iusr_systemname in NT.
Once a Web site resource is not granted access to an anonymous account, the access is denied.
Here are a few ways to make a conversation not run under an anonymous account, but instead use an existing user account to create a conversation.
For example, when IIS is set up to use membership Directory, two authentication mechanisms are used:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.