Authentication: How to do Active Directory authentication in Razor (cshtml)


I am building a simple website with Razor. Currently, I have database-based authentication that works as follows:

In AppStart.chtml:

    WebSecurity.InitializeDatabaseConnection("db_connection",
           "users", "id", "username", true);

In the login.cshtml page:

    username = Request["username"];
    password = Request["password"];

    if (WebSecurity.Login(username, password, true))
    {
        Response.Redirect("/admin");
    }
    else
    {
        errorMessage = "Login was not successful.";
    }
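
In the protected CSHTML pages, I have the following at the top of the page:

    if (!WebSecurity.IsAuthenticated)
    {
        Response.Redirect("/login.cshtml");
    }

Everything is simple and works well. Now I would like to add authentication with AD. I don't know how to do it.

I come from the Java world and have many years of experience. For this simple website, I do not need an MVC architecture. I need something simple, similar to the above (if possible). I only need to do the authentication in the login.cshtml file. I googled a lot but could not find a tutorial for what I need (so that I can copy and paste).

Thanks a lot for any pointers and help.

Thanks and regards

Update: This application sits on an internal network.

Update 2: Here is the code I have after successfully implementing X3074861X's code: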

    // needs @using System.DirectoryServices.Protocols and @using System.Net at the top of the page
    if (IsPost)
    {
        username = Request["username"];
        password = Request["password"];
        var domain = "domain";
        var host = "host";
        var port = "389";

        LdapConnection ldapConnection = new LdapConnection(host + ":" + port);
        try
        {
            // authenticate the username and password
            using (ldapConnection)
            {
                // pass in the network creds, and the domain.
                var networkCredential = new NetworkCredential(username, password, domain);
                // if we're using unsecured port 389, set to false. If using port 636, set this to true.
                ldapConnection.SessionOptions.SecureSocketLayer = false;
                // since this is an internal application, just accept the certificate either way
                ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
                // to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
                ldapConnection.AuthType = AuthType.Basic;
                // this is where the authentication occurs
                ldapConnection.Bind(networkCredential);

                // check the local database to make sure the user is one of those we allow
                if (WebSecurity.Login(username, "fixed-password, just to check whether someone is on the list of allowed people", true))
                {
                    Response.Redirect("/admin");
                }
                else
                {
                    errorMessage = "Login was not successful.";
                }
            }
        }
        catch (LdapException exception)
        {
            // Authentication failed, exception will dictate why
            errorMessage = "Login was not successful.";
        }
    }

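Some explanation: I have no control over AD, so I can only authenticate users against it. I still have a small local database that indicates who can access the application. Everyone who has access to the application has the same rights.


Thanks, and credit goes to X3074861X.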

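Since this is an internal application and you're looking for something simple, I would consider writing a single class to do the Active Directory authentication. You're going to need a few things in order for this to work, though:

  • A reference to System.DirectoryServices.Protocols in your project
  • The IP or DNS name of your Active Directory server. We'll call it host in the code below.
  • The port it's running on (LDAPS will be port 636, basic LDAP will be port 389). We'll call it port in the code below.
  • The domain your users belong to. We'll call it domain in the code below.

Now that you have those, you can wire this up to check the credentials from the request against your AD instance. I would try something like this: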

    // needs the System.DirectoryServices.Protocols and System.Net namespaces
    // the username and password to authenticate
    username = Request["username"];
    password = Request["password"];

    // define your connection
    LdapConnection ldapConnection = new LdapConnection("host:port");

    try
    {
        // authenticate the username and password
        using (ldapConnection)
        {
            // pass in the network creds, and the domain.
            var networkCredential = new NetworkCredential(username, password, domain);

            // if we're using unsecured port 389, set to false. If using port 636, set this to true.
            ldapConnection.SessionOptions.SecureSocketLayer = false;

            // since this is an internal application, just accept the certificate either way
            ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };

            // to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
            ldapConnection.AuthType = AuthType.Basic;

            // authenticate the user
            ldapConnection.Bind(networkCredential);
        }
    }
    catch (LdapException ldapException)
    {
        // Authentication failed, exception will dictate why
    }

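Also, in the same way you would communicate an authorization issue before, the ldapException can tell you why the call failed. If you want to display a custom message, I would check the LdapException.ErrorCode property, and maybe create a case statement of return messages based on that.

Or, you could just output LdapException.Message directly to the page - either way, that will at least tell the user why their login didn't work.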

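Is this an internal application, or do you have to call out to an Active Directory server outside of your network?

Yes. It is an internal application. Thank you very much for your reply!!!

X3074861X: Thanks for the sample. I will give it a try and get back to you. Thanks again!!!

X3074861X: It works really well. Thank you very much for the clear code and explanation!!!!

"this is where the authorization occurs" should be "authentication"

@curious1 Cool man, glad I could help! As for the code comment, what I wanted to convey is that .Bind is what actually performs the login against Active Directory, but I do see your point, and I will update it accordingly.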
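
An added example, not code from the question or the answer: the same bind-based check written as a helper that uses LDAPS, leaves certificate validation on, refuses empty passwords, and maps LdapException.ErrorCode to a message as the answer suggests. The names AdAuthenticator and TryBind are hypothetical, and it assumes the domain controller offers LDAPS on port 636 with a certificate the web server trusts.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper (added example); in a Web Pages site it would live in App_Code.
public static class AdAuthenticator
{
    // Returns null on success, otherwise a message that is safe to show to the user.
    public static string TryBind(string host, string domain, string username, string password)
    {
        // A simple bind with a name and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that a server may accept, so reject it before binding.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return "User name and password are required.";
        }

        // LDAPS on port 636, so AuthType.Basic does not put the password on the wire in clear text.
        var identifier = new LdapDirectoryIdentifier(host, 636);
        try
        {
            using (var connection = new LdapConnection(identifier))
            {
                connection.SessionOptions.ProtocolVersion = 3;
                connection.SessionOptions.SecureSocketLayer = true;
                // No VerifyServerCertificate callback: the default certificate validation stays in place.
                connection.AuthType = AuthType.Basic;
                // This is where the authentication occurs; it throws LdapException on failure.
                connection.Bind(new NetworkCredential(username, password, domain));
                return null;
            }
        }
        catch (LdapException ex)
        {
            switch (ex.ErrorCode)
            {
                case 49: // LDAP invalidCredentials
                    return "Invalid user name or password.";
                case 81: // LDAP server unavailable
                    return "The directory server is unavailable.";
                default: // keep ex.Message for the server log rather than the page
                    return "Login was not successful.";
            }
        }
    }
}
```

In login.cshtml the result would be assigned to errorMessage, with the local allow-list check run only when it is null.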