1. 首页
  2. 问答
  3. 使用Asp.NET身份进行LDAP身份验证

使用Asp.NET身份进行LDAP身份验证

2015-09-09 154 views
5

我试图为我的ASP.NET MVC应用程序实现Active Directory身份验证。我使用System.DirectoryServices并在登录时在UserManager中查找用户。如果用户未找到我正在尝试在Active Directory中查找用户,并且成功注册用户在具有UserManager.CreateAsync()的asp.net mvc应用程序中。使用Asp.NET身份进行LDAP身份验证

private ApplicationUserManager _userManager; 
    private ApplicationRoleManager _roleManager; 

    // 
    // POST: /Account/Login 
    [HttpPost] 
    [AllowAnonymous] 
    [ValidateAntiForgeryToken] 
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl) 
    { 
     if (ModelState.IsValid) 
     { 
      var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password); 
      if (user != null) 
      { 
       await SignInAsync(user, loginModel.RememberMe); 
       return RedirectToLocal(returnUrl); 
      } 

      string userFullName; 
      if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName)) 
      { 
       var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName }; 
       var result = await UserManager.CreateAsync(newUser, loginModel.Password);     

       if (result.Succeeded) 
       { 
        await SignInAsync(newUser, loginModel.RememberMe); 
        return RedirectToLocal(returnUrl); 
       } 

       AddErrors(result); 
      } 
      else 
      { 
       ModelState.AddModelError("", "Invalid UserName or Password"); 
      } 
     } 

     return View(loginModel); 
    } 

    private bool AuthenticateActiveDirectoryUser(
     string domain, 
     string username, 
     string password, 
     out string fullName) 
    { 
     fullName = string.Empty; 

     var domainAndUsername = string.Format("{0}\\{1}", domain, username); 
     var ldapPath = ""; 
     var entry = new DirectoryEntry(ldapPath, domainAndUsername, password); 
     try 
     { 
      // Bind to the native AdsObject to force authentication. 
      var obj = entry.NativeObject; 
      var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" }; 
      search.PropertiesToLoad.Add("cn"); 
      var result = search.FindOne(); 
      if (result == null) 
       return false; 

      try 
      { 
       fullName = (string)result.Properties["cn"][0]; 
      } 
      catch 
      { 
       fullName = string.Empty; 
      } 
     } 
     catch (Exception ex) 
     { 
      return false; 
     } 

     return true; 
    }

但在我的实现中,如果用户在Active Directory帐户或AD帐户中更改密码被删除,则忽略这些情况。 我可以在我的代码中手动检查它,但也许存在ASP.NET身份的其他方式来实现Active Directory用户帐户的身份验证?

来源

2015-09-09 F_Z_14

回答

0

看看这可以帮助ü

protected bool ActiveDirectoryLogin(string Username, string Password, string Domain) 
{ 
    bool Success = false; 
    //System.DirectoryServices.DirectoryEntry Entry = 
    // new System.DirectoryServices.DirectoryEntry("LDAP://196.15.32.161:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password, AuthenticationTypes.None); 

    System.DirectoryServices.DirectoryEntry Entry = 
     new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password,AuthenticationTypes.None); 

    //System.DirectoryServices.DirectoryEntry Entry = 
    // new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Username , Password, AuthenticationTypes.None); 

    System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry); 
    //Entry.Username = "uid="+Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa"; 
    //Entry.Password = Password; 
    //Entry.AuthenticationType = AuthenticationTypes.None; 
    // Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree; 

    try 
    { 

     Object nat = Entry.NativeObject; 
     Success = true; 
//   System.DirectoryServices.SearchResult Results =  Searcher.FindOne(); 
//   Success = (Results != null); 

    } 
    catch (Exception e) 
    { 
     Success = false; 
    } 

    return Success; 
}

来源

2016-12-15 07:39:03 shomaail

相关问题

 相关问题