使用 Asp.NET 身份的 LDAP 身份验证

【问题标题】:LDAP Authentication with Asp.NET Identity使用 Asp.NET 身份的 LDAP 身份验证
【发布时间】:2015-12-04 21:37:45
【问题描述】:

我尝试为我的 ASP.NET MVC 应用程序实施 Active Directory 身份验证。我使用 System.DirectoryServices 并在登录期间在 UserManager 中查找用户。如果未找到用户,我将尝试在 Active Directory 中查找用户,并且如果使用 UserManager.CreateAsync() 在 asp.net mvc 应用程序中成功注册用户。

    private ApplicationUserManager _userManager;
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
            if (user != null)
            {
                await SignInAsync(user, loginModel.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            string userFullName;
            if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
            {
                var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
                var result = await UserManager.CreateAsync(newUser, loginModel.Password);                   

                if (result.Succeeded)
                {
                    await SignInAsync(newUser, loginModel.RememberMe);
                    return RedirectToLocal(returnUrl);
                }

                AddErrors(result);
            }
            else
            {
                ModelState.AddModelError("", "Invalid UserName or Password");
            }
        }

        return View(loginModel);
    }

    private bool AuthenticateActiveDirectoryUser(
        string domain,
        string username,
        string password,
        out string fullName)
    {
        fullName = string.Empty;

        var domainAndUsername = string.Format("{0}\\{1}", domain, username);
        var ldapPath = "";
        var entry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        try
        {
            // Bind to the native AdsObject to force authentication.
            var obj = entry.NativeObject;
            var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" };
            search.PropertiesToLoad.Add("cn");
            var result = search.FindOne();
            if (result == null)
                return false;

            try
            {
                fullName = (string)result.Properties["cn"][0];
            }
            catch
            {
                fullName = string.Empty;
            }
        }
        catch (Exception ex)
        {
            return false;
        }

        return true;
    }

但在我的实施中,如果 Active Directory 帐户或 AD 帐户中的用户更改密码被删除,则忽略了这种情况。 我可以在我的代码中手动检查它,但在 ASP.NET Identity 中可能存在其他方式来实现 Active Directory 用户帐户的身份验证?

【问题讨论】:

    标签: asp.net asp.net-mvc active-directory ldap asp.net-identity


    【解决方案1】:

    看看能不能帮到你

        protected bool ActiveDirectoryLogin(string Username, string Password, string Domain)
{
    bool Success = false;
    //System.DirectoryServices.DirectoryEntry Entry =
    //    new System.DirectoryServices.DirectoryEntry("LDAP://***.**.**.**:389/cn=***-People,o=**,dc=**,dc=edu,dc=sa", "uid=" + Username + ",cn=***-People,o=***,dc=***,dc=edu,dc=sa", Password, AuthenticationTypes.None);

    System.DirectoryServices.DirectoryEntry Entry =
        new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.***.edu.sa:389/cn=***-People,o=***,dc=***,dc=edu,dc=sa", "uid=" + Username + ",cn=***-People,o=***,dc=***,dc=edu,dc=sa", Password,AuthenticationTypes.None);

    //System.DirectoryServices.DirectoryEntry Entry =
    //    new   System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.***.edu.sa:389/cn=***-People,o=***,dc=***,dc=edu,dc=sa", Username , Password, AuthenticationTypes.None);

    System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry);
            try
    {

        Object nat = Entry.NativeObject;
        Success = true;
//            System.DirectoryServices.SearchResult Results =     Searcher.FindOne();
//            Success = (Results != null);

    }
    catch (Exception e)
    {
        Success = false;
    }

    return Success;
}

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2018-11-03
      • 1970-01-01
      • 1970-01-01
      • 2017-06-03
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode