LDAP authentication with ASP.NET Identity
Published: 2020-12-16 03:45:38  Category: asp.Net  Source: compiled from the web
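I am trying to implement Active Directory authentication for my ASP.NET MVC application. I use System.DirectoryServices and, during login, look the user up in UserManager. If the user is not found, I try to find the user in Active Directory, and if that succeeds I register the user in the ASP.NET MVC application with UserManager.CreateAsync().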
    using System;
    using System.DirectoryServices;
    using System.Threading.Tasks;
    using System.Web.Mvc;

    private ApplicationUserManager _userManager;
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            // First check the credentials against the local ASP.NET Identity store.
            var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
            if (user != null)
            {
                await SignInAsync(user, loginModel.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            // Not found locally: try Active Directory and register the user on success.
            string userFullName;
            if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
            {
                var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
                // Stores a local copy of the AD password hash alongside the new user.
                var result = await UserManager.CreateAsync(newUser, loginModel.Password);
                if (result.Succeeded)
                {
                    await SignInAsync(newUser, loginModel.RememberMe);
                    return RedirectToLocal(returnUrl);
                }
                AddErrors(result);
            }
            else
            {
                ModelState.AddModelError("", "Invalid UserName or Password");
            }
        }
        return View(loginModel);
    }

    private bool AuthenticateActiveDirectoryUser(
        string domain, string username, string password, out string fullName)
    {
        fullName = string.Empty;
        // DOMAIN\user form; the backslash separator is required.
        var domainAndUsername = string.Format(@"{0}\{1}", domain, username);
        var ldapPath = "";
        var entry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        try
        {
            // Bind to the native AdsObject to force authentication.
            var obj = entry.NativeObject;
            // Note: username is concatenated into the filter unescaped;
            // escape it per RFC 4515 before using it in a search filter.
            var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" };
            search.PropertiesToLoad.Add("cn");
            var result = search.FindOne();
            if (result == null)
                return false;
            try
            {
                fullName = (string)result.Properties["cn"][0];
            }
            catch
            {
                fullName = string.Empty;
            }
        }
        catch (Exception)
        {
            // Bind or search failed: treat as invalid credentials.
            return false;
        }
        return true;
    }

But my implementation ignores the case where the user changes their Active Directory account or the password of the AD account.

Solution
See if this helps you
    protected bool ActiveDirectoryLogin(string Username, string Password, string Domain)
    {
        bool Success = false;

        // Alternative from the original post: the same bind against the server's IP address,
        // "LDAP://196.15.32.161:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa".

        // Bind as the user's own DN. AuthenticationTypes.None is an LDAP simple bind:
        // on port 389 without TLS the DN and password cross the network in clear text.
        System.DirectoryServices.DirectoryEntry Entry =
            new System.DirectoryServices.DirectoryEntry(
                "LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa",
                "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa",
                Password,
                System.DirectoryServices.AuthenticationTypes.None);

        System.DirectoryServices.DirectorySearcher Searcher =
            new System.DirectoryServices.DirectorySearcher(Entry);
        // Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;

        try
        {
            // Accessing NativeObject forces the bind; it throws if authentication fails.
            Object nat = Entry.NativeObject;
            Success = true;
            // System.DirectoryServices.SearchResult Results = Searcher.FindOne();
            // Success = (Results != null);
        }
        catch (Exception)
        {
            Success = false;
        }
        return Success;
    }

(Editor: 李大同)
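The password-change case raised in the question can be closed by making Active Directory the only place a password is checked, so no local copy of it can go stale. The following is an added example, not code from the original post or the answer: it reuses the question's own members (UserManager, SignInAsync, RedirectToLocal, AddErrors, AuthenticateActiveDirectoryUser, ApplicationUser.FullName) and assumes ASP.NET Identity 2.x for FindByNameAsync, CreateAsync(user) and UpdateAsync.

```csharp
// Added example. Drop-in replacement for the question's Login action; it relies on
// the controller members shown in the question and on ASP.NET Identity 2.x (assumed).
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
{
    // An empty password can turn an LDAP simple bind into an unauthenticated bind
    // that succeeds, so refuse it before contacting the directory.
    if (!ModelState.IsValid || string.IsNullOrEmpty(loginModel.Password))
    {
        ModelState.AddModelError("", "Invalid UserName or Password");
        return View(loginModel);
    }

    // 1. Active Directory is the only password authority: bind on every login,
    //    so a changed password or a disabled or deleted account is rejected at once.
    string userFullName;
    if (!AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName,
                                         loginModel.Password, out userFullName))
    {
        ModelState.AddModelError("", "Invalid UserName or Password");
        return View(loginModel);
    }

    // 2. Look the local profile up by name only, never by (name, password).
    var user = await UserManager.FindByNameAsync(loginModel.UserName);
    if (user == null)
    {
        // 3. Create the local record WITHOUT a password, so the old AD password
        //    cannot keep working locally after it is changed in the directory.
        user = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
        var result = await UserManager.CreateAsync(user);
        if (!result.Succeeded)
        {
            AddErrors(result);
            return View(loginModel);
        }
    }
    else if (user.FullName != userFullName)
    {
        // Keep the cached display name in step with the directory.
        user.FullName = userFullName;
        await UserManager.UpdateAsync(user);
    }

    await SignInAsync(user, loginModel.RememberMe);
    return RedirectToLocal(returnUrl);
}
```

Accounts already created by the original code keep a stored password hash; this action no longer consults it, and it can be removed with UserManager.RemovePasswordAsync.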