ActiveDirectoryMembershipProvider.CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus) Method
Definition
Adds a new user to the Active Directory data store.
public:
override System::Web::Security::MembershipUser ^ CreateUser(System::String ^ username, System::String ^ password, System::String ^ email, System::String ^ passwordQuestion, System::String ^ passwordAnswer, bool isApproved, System::Object ^ providerUserKey, [Runtime::InteropServices::Out] System::Web::Security::MembershipCreateStatus % status);
public override System.Web.Security.MembershipUser CreateUser (string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status);
override this.CreateUser : string * string * string * string * string * bool * obj * MembershipCreateStatus -> System.Web.Security.MembershipUser
Public Overrides Function CreateUser (username As String, password As String, email As String, passwordQuestion As String, passwordAnswer As String, isApproved As Boolean, providerUserKey As Object, ByRef status As MembershipCreateStatus) As MembershipUser
Parameters
- username
- String
The user name for the new user.
- password
- String
The password for the new user.
- email
- String
The email address of the new user.
- passwordQuestion
- String
The password question for the new user.
- passwordAnswer
- String
The password answer for the new user.
- isApproved
- Boolean
Whether or not the new user is approved to be validated.
- providerUserKey
- Object
The unique identifier from the membership data source for the user. This parameter must be null when using the ActiveDirectoryMembershipProvider class.
- status
- MembershipCreateStatus
When this method returns, contains one of the MembershipCreateStatus enumeration values indicating whether the user was created successfully.
Returns
An ActiveDirectoryMembershipUser instance containing the information for the newly created user, or null if the user was not successfully created.
Exceptions
The providerUserKey parameter is not null.
The administrator has not mapped the password question-and-answer fields to attributes of the Active Directory schema, and either the passwordQuestion or passwordAnswer parameter is not null.
The machineKey Element (ASP.NET Settings Schema) configuration element indicates an auto-generated machine encryption key. You must explicitly set the decryptionKey attribute of the machineKey element to store password answers with the ActiveDirectoryMembershipProvider.
-or-
The ActiveDirectoryMembershipProvider was unable to establish a secure connection to the directory when attempting to set the password for the new user.
An error occurred while attempting to create the user.
The CreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus) method is called before the ActiveDirectoryMembershipProvider instance is initialized.
Remarks
The CreateUser method is called by the Membership class to create a new user in the Active Directory data store.
For both Active Directory and Active Directory Application Mode (ADAM) servers, the ActiveDirectoryMembershipProvider class requires that the instance class in the directory be user. Alternative user classes such as inetOrgPerson are not supported.
When using an Active Directory server and the user name is mapped to the userPrincipalName attribute, the ActiveDirectoryMembershipProvider class will automatically generate a random 20-character user name for the sAMAccountName parameter on your behalf.
Parameters default to the following maximum lengths.
| Parameter | Maximum length |
|---|---|
| username | 64 characters if using the userPrincipalName attribute. If using the sAMAccountName attribute, the common restriction is 20 characters or less. |
| password | 128 characters. |
| email | 256 characters. |
| passwordQuestion | 256 characters. |
| passwordAnswer | 128 characters before and after encrypting. |
The Comment property on the returned ActiveDirectoryMembershipUser instance is limited to 1024 characters.
If the directory schema has been modified by reducing the maximum allowable lengths for these attributes, these lengths will take precedence.
Before creating the user, the ActiveDirectoryMembershipProvider class will make sure the user name is unique. If the ActiveDirectoryMembershipProvider instance is configured to require unique email addresses, it will also make sure the email address is unique.
In Active Directory, user name uniqueness is enforced by performing a global catalog (GC) search when the user name is mapped to userPrincipalName. If sAMAccountName is used, then the directory will automatically enforce uniqueness of the sAMAccountName across the Active Directory domain.
An ADAM server will automatically enforce user name uniqueness of the userPrincipalName across all application partitions.
Uniqueness of the email address is enforced by performing a subtree search for a duplicate email address starting at the root of the container in which users are created. This is either the default user container (if connected to an Active Directory and no container was specified in the connection string) or the container specified in the connection string.
The ActiveDirectoryMembershipProvider class creates the user directly in the user container specified in the connection string. See the ActiveDirectoryMembershipProvider class topic for more information about connection strings.
For passwords to be set on an Active Directory server, the connectionProtection attribute must be set to SignAndSeal.
When an ADAM server is being used, the connectionProtection attribute can be set to None, but only if you explicitly configure the ADAM server to allow password changes over unsecured connections.
Leading and trailing spaces are trimmed from all string parameter values except password.
Important
You cannot create new users unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "create child instance," "delete child instance," and "set password" access rights. The "delete child instance" access right is required because creating a user is a multi-step process, and if any step of user creation fails, the ActiveDirectoryMembershipProvider class will delete the user instance rather than leave a partially constructed user instance in the directory.
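The following C# sketch is an added example, not code from the original documentation. It checks input against the default maximum lengths listed in the Remarks before calling Membership.CreateUser, passes null for providerUserKey, and treats the returned status as the normal failure path. The names AdUserProvisioning and TryCreate are hypothetical, and the user name is assumed to be mapped to userPrincipalName.

```csharp
using System;
using System.Web.Security;

// Added example: AdUserProvisioning and TryCreate are hypothetical names.
public static class AdUserProvisioning
{
    // Default maximum lengths from the Remarks table. A directory schema with
    // tighter limits takes precedence, so the provider can still reject input.
    const int MaxUserName = 64;   // assumes userPrincipalName mapping
    const int MaxPassword = 128;
    const int MaxEmail = 256;
    const int MaxQuestion = 256;
    const int MaxAnswer = 128;

    public static MembershipUser TryCreate(string username, string password,
        string email, string question, string answer,
        out MembershipCreateStatus status)
    {
        // The provider trims every string value except password, so measure
        // the trimmed values; the password is checked exactly as supplied.
        username = (username ?? string.Empty).Trim();
        email = email == null ? null : email.Trim();

        if (username.Length == 0 || username.Length > MaxUserName)
        { status = MembershipCreateStatus.InvalidUserName; return null; }
        if (string.IsNullOrEmpty(password) || password.Length > MaxPassword)
        { status = MembershipCreateStatus.InvalidPassword; return null; }
        if (email != null && email.Length > MaxEmail)
        { status = MembershipCreateStatus.InvalidEmail; return null; }
        if (question != null && question.Trim().Length > MaxQuestion)
        { status = MembershipCreateStatus.InvalidQuestion; return null; }
        if (answer != null && answer.Trim().Length > MaxAnswer)
        { status = MembershipCreateStatus.InvalidAnswer; return null; }

        // providerUserKey must be null for ActiveDirectoryMembershipProvider.
        // Pass null for question and answer unless those fields are mapped
        // to directory attributes; otherwise the call throws.
        MembershipUser user = Membership.CreateUser(username, password, email,
            question, answer, true, null, out status);

        // A null return with a non-Success status is the expected failure
        // path, for example DuplicateUserName or DuplicateEmail.
        return status == MembershipCreateStatus.Success ? user : null;
    }
}
```

Configuration problems described under Exceptions, such as an auto-generated machine key or an unsecured connection, surface as exceptions rather than as a status value, so callers should log them separately from ordinary validation failures.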