
使用 ASP.NET Identity 进行 LDAP 身份验证

发布时间:2020-12-16 03:45:38 所属栏目:asp.Net 来源:网络整理
我想为我的 ASP.NET MVC 应用程序实现 Active Directory 身份验证。我使用 System.DirectoryServices,登录时先在 UserManager 中查找用户;如果没有找到,就到 Active Directory 中查找该用户,验证成功后再用 UserManager.CreateAsync() 在 ASP.NET MVC 应用程序中注册该用户。

// Backing field for the ASP.NET Identity user manager.
// NOTE(review): presumably exposed through the UserManager property that Login uses; the accessor is not shown here.
private ApplicationUserManager _userManager;
    // Backing field for the role manager; nothing in the code shown on this page reads it.
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
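    /// <summary>
    /// Handles the login form post. Application-only accounts are checked against the
    /// local Identity store; everyone else is authenticated by binding to Active Directory.
    /// </summary>
    /// <param name="loginModel">Posted user name, password and "remember me" flag.</param>
    /// <param name="returnUrl">Where to send the user after a successful sign-in.</param>
    /// <returns>A redirect on success, otherwise the login view with validation errors.</returns>
    /// <remarks>
    /// The earlier version provisioned directory users with
    /// <c>UserManager.CreateAsync(newUser, password)</c>, which stored a local hash of the
    /// AD password. From then on the local check succeeded on its own, so a password that had
    /// been changed or revoked in AD kept working here. Directory users are now created
    /// without a local password, so every later login has to pass the AD bind.
    /// </remarks>
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(loginModel);
        }

        // Local check: only matches accounts that carry a password hash in the Identity store.
        var localUser = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
        if (localUser != null)
        {
            await SignInAsync(localUser, loginModel.RememberMe);
            return RedirectToLocal(returnUrl);
        }

        string userFullName;
        if (!AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
        {
            ModelState.AddModelError("", "Invalid UserName or Password");
            return View(loginModel);
        }

        // The directory accepted the credentials: reuse the profile row if one exists,
        // otherwise provision it WITHOUT a password so AD stays the only credential source.
        var directoryUser = await UserManager.FindByNameAsync(loginModel.UserName);
        if (directoryUser == null)
        {
            directoryUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
            var result = await UserManager.CreateAsync(directoryUser);
            if (!result.Succeeded)
            {
                AddErrors(result);
                return View(loginModel);
            }
        }
        else if (await UserManager.HasPasswordAsync(directoryUser.Id))
        {
            // Fail closed: a same-named account with its own local password may belong to
            // someone else, so a directory login must not be mapped onto it silently.
            // NOTE(review): rows provisioned by the earlier version still hold a stale copy of
            // the AD password; clear it (UserManager.RemovePasswordAsync) as a one-off migration
            // so those users fall through to the AD check.
            ModelState.AddModelError("", "Invalid UserName or Password");
            return View(loginModel);
        }

        // NOTE(review): a persistent "remember me" cookie outlives an AD disable or password
        // change; confirm the cookie lifetime and revalidation settings match the revocation policy.
        await SignInAsync(directoryUser, loginModel.RememberMe);
        return RedirectToLocal(returnUrl);
    }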

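    /// <summary>
    /// Validates a user name and password by binding to the directory with them and,
    /// on success, reads the account's common name.
    /// </summary>
    /// <param name="domain">Domain that is prefixed to the user name for the bind.</param>
    /// <param name="username">Account name as typed by the user (untrusted input).</param>
    /// <param name="password">Password as typed by the user.</param>
    /// <param name="fullName">Receives the account's <c>cn</c> value, or an empty string.</param>
    /// <returns><c>true</c> only if the bind succeeded and the account was found.</returns>
    private bool AuthenticateActiveDirectoryUser(
        string domain, string username, string password, out string fullName)
    {
        fullName = string.Empty;

        // Never attempt a bind with missing credentials: depending on provider and server,
        // a blank or null password can result in an anonymous or process-identity bind
        // instead of a failure, which would be reported here as a successful login.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        // DOMAIN\user form. The listing concatenated the two parts with no separator,
        // which yields a name the directory cannot resolve.
        var domainAndUsername = domain + "\\" + username;
        var ldapPath = "";

        try
        {
            using (var entry = new DirectoryEntry(ldapPath, domainAndUsername, password))
            {
                // Reading NativeObject forces the bind, i.e. the actual credential check.
                object nativeObject = entry.NativeObject;

                using (var search = new DirectorySearcher(entry))
                {
                    // The user name is escaped so that characters such as '*', '(' or ')'
                    // cannot change the meaning of the search filter.
                    search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(username) + ")";
                    search.PropertiesToLoad.Add("cn");

                    var result = search.FindOne();
                    if (result == null)
                    {
                        return false;
                    }

                    // A missing cn is not an authentication failure; fullName just stays empty.
                    var names = result.Properties["cn"];
                    if (names != null && names.Count > 0)
                    {
                        fullName = names[0] as string ?? string.Empty;
                    }
                }
            }
        }
        catch (Exception)
        {
            // Any failure (bad credentials, unreachable server, malformed name) denies the login.
            // NOTE(review): log the exception type here so that bursts of failed binds and
            // directory outages show up in monitoring instead of disappearing.
            return false;
        }

        return true;
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515 special characters).
    /// </summary>
    private static string EscapeLdapFilterValue(string value)
    {
        // The backslash must be replaced first so the escapes added below are not re-escaped.
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }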

但是我的实现没有处理用户更改了 Active Directory 帐户或 AD 帐户密码的情况。
我可以在代码中手动检查这种情况,但 ASP.NET Identity 中是否有其他方式来实现 Active Directory 用户帐户的身份验证?

解决方法

看看这是否可以帮助你

/// <summary>
/// Attempts to validate credentials by binding to an LDAP directory: the result is true
/// when reading <c>Entry.NativeObject</c> does not throw, false otherwise.
/// </summary>
/// <param name="Username">Login name; only referenced in the commented-out variants below.</param>
/// <param name="Password">Password; only referenced in the commented-out variants below.</param>
/// <param name="Domain">Not used anywhere in the code shown.</param>
/// <returns>True if the bind attempt raised no exception.</returns>
protected bool ActiveDirectoryLogin(string Username,string Password,string Domain)
{
    bool Success = false;
    // NOTE(review): this commented-out variant builds the bind DN by concatenating Username.
    // If it is revived, escape DN special characters in Username first and reject an empty
    // Password before binding - many LDAP servers accept a simple bind with an empty password
    // as an unauthenticated bind, which this method would report as success.
    //System.DirectoryServices.DirectoryEntry Entry =
    //    new System.DirectoryServices.DirectoryEntry("LDAP://196.15.32.161:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa","uid=" + Username + ",cn=KFUPM-People,Password,AuthenticationTypes.None);

    // NOTE(review): the call below is garbled as listed - the string literal is never closed
    // and no user name or password argument is passed (compare the variant above) - so it does
    // not compile and, as written, would not test the caller's credentials at all.
    // AuthenticationTypes.None selects a simple bind; on port 389 without TLS the DN and
    // password cross the network in clear text. Prefer an encrypted channel, e.g. LDAPS with
    // AuthenticationTypes.SecureSocketsLayer.
    System.DirectoryServices.DirectoryEntry Entry =
        new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,AuthenticationTypes.None);

    //System.DirectoryServices.DirectoryEntry Entry =
    //    new   System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,Username,AuthenticationTypes.None);

    // The searcher is created but only the commented-out lines in the try block use it.
    // Neither Entry nor Searcher is disposed in this method.
    System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry);
    //Entry.Username = "uid="+Username + ",dc=sa";
    //Entry.Password = Password;
    //Entry.AuthenticationType = AuthenticationTypes.None;
    // Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;

    try
    {

        // Reading NativeObject forces the bind; an exception here is treated as a failed login.
        Object nat = Entry.NativeObject;
        Success = true;
//            System.DirectoryServices.SearchResult Results =     Searcher.FindOne();
//            Success = (Results != null);

    }
    // Every exception is swallowed, so an unreachable server looks the same as a wrong
    // password. NOTE(review): log the failure so repeated failed binds can be detected.
    catch (Exception e)
    {
        Success = false;
    }

    return Success;
}
