C# 2层应用程序中的.NET Active Directory授权
假设我们有一台已加入 Active Directory 的 PC 工作站(Windows 10),并且已有用户登录。

我有一个两层应用程序(客户端层直接连接到数据库)。目前,应用程序在启动时会提示输入登录名/密码,但我想改变这一点:如果当前用户已连接到域(已登录系统),则不再提示输入凭据,直接授予其访问权限。

可以想象,用户登录系统之后,其帐户可能随后被禁用,或者密码需要更改、密码已过期。由于我没有该帐户的密码,问题是:

如何在 Active Directory 中验证当前登录的用户,以确定是否可以授予他访问应用程序的权限?

标签:c#, .net, active-directory, windows-security
这是我的解决方案。它查询 Active Directory,检查该帐户是否确实存在,并验证其 Enabled(已启用)属性。也许对其他人有帮助。请注意,这只是在客户端执行的检查;由于客户端直接连接数据库,数据库一侧仍应自行对连接进行身份验证,而不能依赖这里的返回值。
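/// <summary>
/// Decides whether the application may skip its own login prompt because the
/// current Windows user has a usable account in the expected Active Directory domain.
/// </summary>
/// <remarks>
/// The result is a client-side decision only. It looks the account up in the
/// directory; it does not prove the caller's identity to any other tier. In a
/// two-tier application the database must still authenticate the connection
/// itself (for example with integrated Windows authentication) rather than
/// trusting the value returned here.
/// Password expiry and "must change password at next logon" are NOT evaluated.
/// </remarks>
public class ADAuthentication
{
    // NOTE(review): this initializer queries the directory while the object is being
    // constructed, so a lookup failure surfaces from the constructor, outside the
    // try/catch in GetAuthenticationType.
    private string userPrincipalName = UserPrincipal.Current.UserPrincipalName;
    private string userName = Environment.UserName;

    /// <summary>
    /// User principal name that <see cref="GetAuthenticationType"/> looks up.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the setter is public, so the lookup is performed for whatever
    /// value was assigned last, which is not necessarily the logged-on user.
    /// Callers should leave the default in place when the result gates access.
    /// </remarks>
    public string UserPrincipalName
    {
        get { return userPrincipalName; }
        set { userPrincipalName = value; }
    }

    /// <summary>Windows user name, initialised from <see cref="Environment.UserName"/>.</summary>
    public string Username
    {
        get { return userName; }
        set { userName = value; }
    }

    // First label of the configured domain name (e.g. "corp" for "corp.example.com").
    private string domainName;

    // Distinguished-name container built from all labels ("DC=corp,DC=example,DC=com").
    private string container;

    /// <summary>How the application should authenticate the user.</summary>
    public enum AuthenticationMode { Credentials, ActiveDirectory };

    /// <summary>
    /// Returns <see cref="AuthenticationMode.ActiveDirectory"/> only when the logon
    /// domain matches the configured domain and the account is found, enabled, not
    /// locked out and not past its expiration date. Every other outcome, including
    /// any directory error, falls back to <see cref="AuthenticationMode.Credentials"/>.
    /// </summary>
    /// <returns>The authentication mode the application should use.</returns>
    public AuthenticationMode GetAuthenticationType()
    {
        if (!String.Equals(domainName, Environment.UserDomainName, StringComparison.OrdinalIgnoreCase))
        {
            return AuthenticationMode.Credentials;
        }

        // Without a UPN there is nothing to look up; prompt for credentials instead
        // of letting FindByIdentity throw on a null or blank identity value.
        if (string.IsNullOrWhiteSpace(userPrincipalName))
        {
            return AuthenticationMode.Credentials;
        }

        try
        {
            using (var domainContext = new PrincipalContext(ContextType.Domain, domainName, container))
            using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.UserPrincipalName, userPrincipalName))
            {
                if (foundUser == null || foundUser.Enabled != true)
                {
                    return AuthenticationMode.Credentials;
                }

                // An enabled account can still be locked out or expired; neither
                // should be granted prompt-free access.
                if (foundUser.IsAccountLockedOut())
                {
                    return AuthenticationMode.Credentials;
                }

                // NOTE(review): assumes AccountExpirationDate is reported in UTC - confirm.
                DateTime? expiresOn = foundUser.AccountExpirationDate;
                if (expiresOn.HasValue && expiresOn.Value <= DateTime.UtcNow)
                {
                    return AuthenticationMode.Credentials;
                }

                return AuthenticationMode.ActiveDirectory;
            }
        }
        catch (AuthenticationException)
        {
            return AuthenticationMode.Credentials;
        }
        catch (PrincipalException)
        {
            // Base type of PrincipalServerDownException and the other directory
            // lookup failures: fail closed to the credential prompt for all of them.
            return AuthenticationMode.Credentials;
        }
    }

    /// <summary>
    /// Creates the checker for the given DNS domain name.
    /// </summary>
    /// <param name="domainName">Dotted domain name, e.g. "corp.example.com".</param>
    /// <exception cref="InvalidOperationException">
    /// <paramref name="domainName"/> is null, empty or whitespace.
    /// </exception>
    public ADAuthentication(string domainName)
    {
        if (string.IsNullOrWhiteSpace(domainName))
        {
            throw new InvalidOperationException("The domainName parameter is required.");
        }

        string[] parts = domainName.Split('.');
        this.domainName = parts[0];

        // One "DC=" component per label, comma separated.
        this.container = string.Join(",", Array.ConvertAll(parts, part => "DC=" + part));
    }
}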
公共类身份验证
{
私有字符串userPrincipalName=userPrincipalName.Current.userPrincipalName;
私有字符串userName=Environment.userName;
公共字符串UserPrincipalName
{
获取{return userPrincipalName;}
设置{userPrincipalName=value;}
}
公共字符串用户名
{
获取{返回用户名;}
设置{userName=value;}
}
私有字符串域名;
私有字符串容器;
公共枚举身份验证模式{凭据,ActiveDirectory};
公共身份验证模式GetAuthenticationType()
{
if(String.Equals(domainName、Environment.UserDomainName、StringComparison.OrdinalIgnoreCase))
{
尝试
{
使用(var domainContext=newprincipalcontext(ContextType.Domain、domainName、container))
{
使用(var foundUser=UserPrincipal.FindByIdentity(domainContext,IdentityType.UserPrincipalName,UserPrincipalName))
{
if(foundUser!=null&&foundUser.Enabled==true)
返回AuthenticationMode.ActiveDirectory;
}
}
}
捕获(AuthenticationException)
{
返回AuthenticationMode.Credentials;
}
捕获(PrincipalServerDownException)
{
返回AuthenticationMode.Credentials;
}
}
返回AuthenticationMode.Credentials;
}
公共ADAuthentication(字符串域名)
{
if(string.IsNullOrWhiteSpace(域名))
抛出新的InvalidOperationException(“需要域名参数”);
string[]parts=domainName.Split('.');
this.domainName=parts[0];
this.container=string.Empty;
对于(int i=0;i
你解决问题了吗?@FalcoAlexander看看我的答案。希望它能帮助你。
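/// <summary>
/// Determines whether the logged-on Windows user can be admitted without the
/// application's own credential prompt, based on an Active Directory lookup.
/// </summary>
/// <remarks>
/// This is an advisory check made on the client. It does not authenticate the
/// user to the database or any other server; those must verify the connecting
/// identity on their own side. Password expiry and forced password change are
/// not covered by this check.
/// </remarks>
public class ADAuthentication
{
    // NOTE(review): evaluated during construction; a failing directory lookup here
    // is thrown from the constructor and is not handled by GetAuthenticationType.
    private string userPrincipalName = UserPrincipal.Current.UserPrincipalName;
    private string userName = Environment.UserName;

    /// <summary>
    /// UPN used for the directory lookup.
    /// NOTE(review): publicly settable, so the account that gets checked is the
    /// one last assigned here, not necessarily the logged-on user.
    /// </summary>
    public string UserPrincipalName
    {
        get { return userPrincipalName; }
        set { userPrincipalName = value; }
    }

    /// <summary>Windows user name taken from <see cref="Environment.UserName"/>.</summary>
    public string Username
    {
        get { return userName; }
        set { userName = value; }
    }

    // Leftmost label of the configured domain name.
    private string domainName;

    // "DC=...,DC=..." container derived from every label of the domain name.
    private string container;

    /// <summary>Authentication path the application should take.</summary>
    public enum AuthenticationMode { Credentials, ActiveDirectory };

    /// <summary>
    /// Looks the user up in the configured domain and reports whether the account
    /// is usable for prompt-free access.
    /// </summary>
    /// <returns>
    /// <see cref="AuthenticationMode.ActiveDirectory"/> when the logon domain matches
    /// and the account exists, is enabled, is not locked out and has not expired;
    /// otherwise <see cref="AuthenticationMode.Credentials"/>. Directory errors also
    /// yield <see cref="AuthenticationMode.Credentials"/>.
    /// </returns>
    public AuthenticationMode GetAuthenticationType()
    {
        bool sameDomain = String.Equals(domainName, Environment.UserDomainName, StringComparison.OrdinalIgnoreCase);

        // A blank UPN cannot be resolved; treat it like a domain mismatch.
        if (!sameDomain || string.IsNullOrWhiteSpace(userPrincipalName))
        {
            return AuthenticationMode.Credentials;
        }

        try
        {
            using (var domainContext = new PrincipalContext(ContextType.Domain, domainName, container))
            {
                using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.UserPrincipalName, userPrincipalName))
                {
                    if (IsUsableAccount(foundUser))
                    {
                        return AuthenticationMode.ActiveDirectory;
                    }
                }
            }
        }
        catch (AuthenticationException)
        {
            return AuthenticationMode.Credentials;
        }
        catch (PrincipalException)
        {
            // Covers PrincipalServerDownException and the other lookup failures that
            // share this base type, so every directory error falls back to the prompt.
            return AuthenticationMode.Credentials;
        }

        return AuthenticationMode.Credentials;
    }

    // True only for an account that exists, is enabled, is not locked out and is
    // not past its expiration date.
    private static bool IsUsableAccount(UserPrincipal user)
    {
        if (user == null || user.Enabled != true)
        {
            return false;
        }

        if (user.IsAccountLockedOut())
        {
            return false;
        }

        // NOTE(review): assumes AccountExpirationDate is expressed in UTC - confirm.
        DateTime? expiresOn = user.AccountExpirationDate;
        return !expiresOn.HasValue || expiresOn.Value > DateTime.UtcNow;
    }

    /// <summary>
    /// Initialises the checker from a dotted DNS domain name.
    /// </summary>
    /// <param name="domainName">Domain name such as "corp.example.com".</param>
    /// <exception cref="InvalidOperationException">
    /// <paramref name="domainName"/> is null, empty or whitespace.
    /// </exception>
    public ADAuthentication(string domainName)
    {
        if (string.IsNullOrWhiteSpace(domainName))
        {
            throw new InvalidOperationException("The domainName parameter is required.");
        }

        string[] labels = domainName.Split('.');
        this.domainName = labels[0];

        // Each label becomes one "DC=" component of the container path.
        this.container = string.Join(",", Array.ConvertAll(labels, label => "DC=" + label));
    }
}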