如何使用c#从asp.net中的active directory获取授权用户?
我想从active directory获取登录页面的授权用户。当用户输入错误的详细信息时,页面需要显示“无效用户”,如果输入正确的详细信息,则进入主页 这里提到了我的代码。当我运行此代码时,页面显示“无效用户”,即使我输入了正确的登录详细信息如何使用c#从asp.net中的active directory获取授权用户?,c#,asp.net,C#,Asp.net,我想从active directory获取登录页面的授权用户。当用户输入错误的详细信息时,页面需要显示“无效用户”,如果输入正确的详细信息,则进入主页 这里提到了我的代码。当我运行此代码时,页面显示“无效用户”,即使我输入了正确的登录详细信息 protected void Button1_Click1(object sender, EventArgs e) { string dominName = "ldap://domain.com:121";
protected void Button1_Click1(object sender, EventArgs e)
{
string dominName = "ldap://domain.com:121";
string userName = "guest";
string password = "testlogin";
if (true == AuthenticateUser(dominName, userName, password))
{
Response.Redirect("default.aspx");
}
else
{
Response.Write("Invalid user name or Password!");
}
}
public bool AuthenticateUser(string domain, string username, string password)
{
DirectoryEntry entry = new DirectoryEntry(domain, username, password);
try
{
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(sAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
Response.Write(domain);
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
}
catch (Exception ex)
{
return false;
throw new Exception("Error authenticating user." + ex.Message);
}
return true;
}
找到上面的代码我犯了什么错误。请为此提供最佳解决方案 您可以从PrincipalContext获取它。如果您有特定的域,您可能需要查看示例代码
public bool ValidateCredentials(string userName, string password)
{
userName = userName.EnsureNotNull();
userName = userName.Trim();
password = password.EnsureNotNull();
password = password.Trim();
using (var context = new PrincipalContext(ContextType.Domain))
{
return context.ValidateCredentials(userName, password);
}
}
public bool IsUserInAdGroup(string userName, string adGroupName)
{
bool result = false;
userName = userName.EnsureNotNull();
userName = userName.Trim();
using (var context = new PrincipalContext(ContextType.Domain))
{
var user = UserPrincipal.FindByIdentity(context, userName);
if (user != null)
{
var group = GroupPrincipal.FindByIdentity(context, adGroupName);
if (group != null)
{
if (user.IsMemberOf(group))
{
result = true;
}
}
}
}
return result;
}
您可以从PrincipalContext获取它。如果您有特定的域,您可能需要查看示例代码
public bool ValidateCredentials(string userName, string password)
{
userName = userName.EnsureNotNull();
userName = userName.Trim();
password = password.EnsureNotNull();
password = password.Trim();
using (var context = new PrincipalContext(ContextType.Domain))
{
return context.ValidateCredentials(userName, password);
}
}
public bool IsUserInAdGroup(string userName, string adGroupName)
{
bool result = false;
userName = userName.EnsureNotNull();
userName = userName.Trim();
using (var context = new PrincipalContext(ContextType.Domain))
{
var user = UserPrincipal.FindByIdentity(context, userName);
if (user != null)
{
var group = GroupPrincipal.FindByIdentity(context, adGroupName);
if (group != null)
{
if (user.IsMemberOf(group))
{
result = true;
}
}
}
}
return result;
}
最后我从网站上得到了这个解决方案。上面的代码有一点变化。现在它工作得很好
protected void Button1_Click1(object sender, EventArgs e)
{
string dominName = "ldap://domain.com";
string userName = "guest";
string password = "testlogin";
if (true == AuthenticateUser(dominName, userName, password))
{
Response.Redirect("default.aspx");
}
else
{
Response.Write("Invalid user name or Password!");
}
}
private bool AuthenticateUser( string domain, string userName, string password)
{
bool authentic = false;
try
{
DirectoryEntry entry = new DirectoryEntry(domain, userName, password);
entry.Path = "LDAP://OU=allsuers,OU=users,DC=domain,DC=com";
DirectorySearcher searcher = new DirectorySearcher(entry)
{
PageSize = int.MaxValue,
Filter = "(sAMAccountName=" + userName + ")"
};
var result = searcher.FindOne();
if (result == null) {
return true;
}
}
catch (DirectoryServicesCOMException) { }
return authentic;
}
谢谢大家。所有人都支持这样做。最终我从网站上得到了解决方案。上面的代码有一点变化。现在它工作得很好
protected void Button1_Click1(object sender, EventArgs e)
{
string dominName = "ldap://domain.com";
string userName = "guest";
string password = "testlogin";
if (true == AuthenticateUser(dominName, userName, password))
{
Response.Redirect("default.aspx");
}
else
{
Response.Write("Invalid user name or Password!");
}
}
private bool AuthenticateUser( string domain, string userName, string password)
{
bool authentic = false;
try
{
DirectoryEntry entry = new DirectoryEntry(domain, userName, password);
entry.Path = "LDAP://OU=allsuers,OU=users,DC=domain,DC=com";
DirectorySearcher searcher = new DirectorySearcher(entry)
{
PageSize = int.MaxValue,
Filter = "(sAMAccountName=" + userName + ")"
};
var result = searcher.FindOne();
if (result == null) {
return true;
}
}
catch (DirectoryServicesCOMException) { }
return authentic;
}
谢谢大家。谁都支持这样做。
授权用户授权用户