1. casa
  2. Domanda e risposta
  3. Autenticazione LDAP con identità Asp.NET

Autenticazione LDAP con identità Asp.NET

2015-09-09 31 views
5

Sto provando l'autenticazione di Active Directory per la mia applicazione ASP.NET MVC. Uso System.DirectoryServices e durante l'accesso, trova utente in UserManager. Se l'utente non viene trovato, sto tentando di trovare l'utente in Active Directory e, in caso di esito positivo, registrare l'utente nell'app di asp.net mvc con UserManager.CreateAsync().Autenticazione LDAP con identità Asp.NET

private ApplicationUserManager _userManager; 
    private ApplicationRoleManager _roleManager; 

    // 
    // POST: /Account/Login 
    [HttpPost] 
    [AllowAnonymous] 
    [ValidateAntiForgeryToken] 
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl) 
    { 
     if (ModelState.IsValid) 
     { 
      var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password); 
      if (user != null) 
      { 
       await SignInAsync(user, loginModel.RememberMe); 
       return RedirectToLocal(returnUrl); 
      } 

      string userFullName; 
      if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName)) 
      { 
       var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName }; 
       var result = await UserManager.CreateAsync(newUser, loginModel.Password);     

       if (result.Succeeded) 
       { 
        await SignInAsync(newUser, loginModel.RememberMe); 
        return RedirectToLocal(returnUrl); 
       } 

       AddErrors(result); 
      } 
      else 
      { 
       ModelState.AddModelError("", "Invalid UserName or Password"); 
      } 
     } 

     return View(loginModel); 
    } 

    private bool AuthenticateActiveDirectoryUser(
     string domain, 
     string username, 
     string password, 
     out string fullName) 
    { 
     fullName = string.Empty; 

     var domainAndUsername = string.Format("{0}\\{1}", domain, username); 
     var ldapPath = ""; 
     var entry = new DirectoryEntry(ldapPath, domainAndUsername, password); 
     try 
     { 
      // Bind to the native AdsObject to force authentication. 
      var obj = entry.NativeObject; 
      var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" }; 
      search.PropertiesToLoad.Add("cn"); 
      var result = search.FindOne(); 
      if (result == null) 
       return false; 

      try 
      { 
       fullName = (string)result.Properties["cn"][0]; 
      } 
      catch 
      { 
       fullName = string.Empty; 
      } 
     } 
     catch (Exception ex) 
     { 
      return false; 
     } 

     return true; 
    }

Ma nella mia implementazione ignorato casi, se la password cambiamento utente in account di Active Directory o Ad è stato eliminato. Posso verificarlo manualmente nel mio codice, ma forse esistono altri modi nell'identità ASP.NET per implementare l'autenticazione tramite l'account utente di Active Directory?

fonte

2015-09-09 F_Z_14

risposta

0

vedere se questo può aiutare u

protected bool ActiveDirectoryLogin(string Username, string Password, string Domain) 
{ 
    bool Success = false; 
    //System.DirectoryServices.DirectoryEntry Entry = 
    // new System.DirectoryServices.DirectoryEntry("LDAP://196.15.32.161:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password, AuthenticationTypes.None); 

    System.DirectoryServices.DirectoryEntry Entry = 
     new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password,AuthenticationTypes.None); 

    //System.DirectoryServices.DirectoryEntry Entry = 
    // new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Username , Password, AuthenticationTypes.None); 

    System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry); 
    //Entry.Username = "uid="+Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa"; 
    //Entry.Password = Password; 
    //Entry.AuthenticationType = AuthenticationTypes.None; 
    // Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree; 

    try 
    { 

     Object nat = Entry.NativeObject; 
     Success = true; 
//   System.DirectoryServices.SearchResult Results =  Searcher.FindOne(); 
//   Success = (Results != null); 

    } 
    catch (Exception e) 
    { 
     Success = false; 
    } 

    return Success; 
}

fonte

2016-12-15 07:39:03 shomaail

 Problemi correlati

  • Nessun problema correlato^_^