Authentication: How to do Active Directory authentication in Razor (cshtml)
I am building a simple website with Razor. Currently, I have database-based authentication, as follows:
In AppStart.chtml:
    WebSecurity.InitializeDatabaseConnection("db_connection",
        "users", "id", "username", true);

In the login.cshtml page:

    username = Request["username"];
    password = Request["password"];
    if (WebSecurity.Login(username, password, true))
    {
        Response.Redirect("/admin");
    }
    else
    {
        errorMessage = "Login was not successful.";
    }

In the protected CSHTML pages, I have the following at the top of the page:

    if (!WebSecurity.IsAuthenticated)
    {
        Response.Redirect("/login.cshtml");
    }
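Everything is simple and works well. Now I would like to add authentication with AD. I don't know how to do it.
I come from the Java world, with many years of experience. For this simple website, I don't need an MVC architecture. I need something simple, similar to the above (if possible). I only need to do the authentication in the login.cshtml file. I have googled a lot, but couldn't find a tutorial for what I need (so that I can copy and paste).
Any pointers or help are much appreciated.
Thanks and regards
Update: this application sits on the internal network.
Update 2: here is the code I ended up with after successfully implementing X3074861X's code: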
    if (IsPost)
    {
        username = Request["username"];
        password = Request["password"];
        var domain = "domain";
        var host = "host";
        var port = "389";
        LdapConnection ldapConnection = new LdapConnection(host + ":" + port);
        try
        {
            // authenticate the username and password
            using (ldapConnection)
            {
                // pass in the network creds, and the domain.
                var networkCredential = new NetworkCredential(username, password, domain);
                // if we're using unsecured port 389, set to false. If using port 636, set this to true.
                ldapConnection.SessionOptions.SecureSocketLayer = false;
                // since this is an internal application, just accept the certificate either way
                ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
                // to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
                ldapConnection.AuthType = AuthType.Basic;
                // this is where the authentication occurs
                ldapConnection.Bind(networkCredential);
                // check the local database to make sure the user is one of those we allow
                if (WebSecurity.Login(username, "fixed-password, just to check whether someone is on the list of allowed people", true))
                {
                    Response.Redirect("/admin");
                }
                else
                {
                    errorMessage = "Login was not successful.";
                }
            }
        }
        catch (LdapException exception)
        {
            // Authentication failed, exception will dictate why
            errorMessage = "Login was not successful.";
        }
    }
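Some explanation: I have no control over AD, so I can only authenticate users against it. I still have a small local database that indicates who can access the application. Everyone who has access to the application has the same permissions.
Thanks, credit goes to X3074861X.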
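Since this is an internal application and you're looking for something simple, I would consider writing a single class to do the Active Directory authentication. You're going to need a couple of things in order for this to work, though:
- A reference to System.DirectoryServices.Protocols in your project.
- The IP or DNS name of your Active Directory server. We'll call it host in the code below.
- The port it's running on (LDAPS will be port 636, basic LDAP will be port 389). We'll call it port in the code below.
- The domain to which your users belong. We'll call it domain in the code below.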
    // requires System.Net and System.DirectoryServices.Protocols;
    // host, port and domain are the values described in the list above
    // the username and password to authenticate
    username = Request["username"];
    password = Request["password"];
    // define your connection
    LdapConnection ldapConnection = new LdapConnection("host:port");
    try
    {
        // authenticate the username and password
        using (ldapConnection)
        {
            // pass in the network creds, and the domain.
            var networkCredential = new NetworkCredential(username, password, domain);
            // if we're using unsecured port 389, set to false. If using port 636, set this to true.
            ldapConnection.SessionOptions.SecureSocketLayer = false;
            // since this is an internal application, just accept the certificate either way
            ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
            // to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
            ldapConnection.AuthType = AuthType.Basic;
            // authenticate the user
            ldapConnection.Bind(networkCredential);
        }
    }
    catch (LdapException ldapException)
    {
        // Authentication failed, exception will dictate why
    }
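Also, in the same way you communicated an authorization issue before, the ldapException can tell you why the call failed. If you want to display a custom message, I would check the LdapException.ErrorCode property, and maybe create a case statement of return messages based on it.
Or, you could just output LdapException.Message directly to the page. Either way, that will at least tell the user why their login didn't work.

Comments:
Is this an internal application, or do you have to call out to an Active Directory server outside your network?
Yes. It is an internal application. Thanks a lot for chiming in!!!
X3074861X: Thanks for the sample. I will give it a try and get back to you. Thanks again!!!
X3074861X: It works really well. Thank you so much for the clear code and explanation!!!!
"This is where the authorization occurs" should be "authentication".
@curious1 Cool man, glad I could help! As for the code comment, I was trying to say that .Bind is what actually performs the login against Active Directory, but I do see your point, and I'll update accordingly.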
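
A hardened variant of the bind shown in the answer, as an added example that is not part of the original answer or its author's code: it uses LDAPS on port 636 with the default certificate validation left on, rejects blank credentials before binding (a simple bind with an empty password is an unauthenticated bind under RFC 4513 and may succeed), and returns a generic result instead of echoing LdapException.Message to the page. The class name AdAuthenticator, its Result enum and the 10-second timeout are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example. AdAuthenticator and Result are hypothetical names (e.g. a file in App_Code).
public static class AdAuthenticator
{
    public enum Result { Success, InvalidCredentials, DirectoryError }

    private const int InvalidCredentialsCode = 49; // LDAP resultCode invalidCredentials

    public static Result Authenticate(string host, string domain, string username, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that a server may accept, so never send one.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return Result.InvalidCredentials;
        }

        // 636 is the LDAPS port named in the answer.
        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(host, 636)))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
            // No VerifyServerCertificate callback is installed, so the platform's
            // default validation of the server certificate stays in effect.
            connection.AuthType = AuthType.Negotiate;
            connection.Timeout = TimeSpan.FromSeconds(10); // assumed value

            try
            {
                connection.Bind(new NetworkCredential(username, password, domain));
                return Result.Success;
            }
            catch (LdapException ex)
            {
                // Keep the detail in the server-side trace; the page shows one generic message.
                var safeUser = username.Replace("\r", "").Replace("\n", "");
                Trace.TraceWarning("LDAP bind failed for '{0}': code {1}, {2}",
                    safeUser, ex.ErrorCode, ex.ServerErrorMessage);
                return ex.ErrorCode == InvalidCredentialsCode
                    ? Result.InvalidCredentials
                    : Result.DirectoryError;
            }
        }
    }
}
```

In login.cshtml, call AdAuthenticator.Authenticate(host, domain, username, password) in place of the inline Bind, and continue to the local allow-list check only on Result.Success.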