C# 从adlds实例验证asp.net mvc 5应用程序
您好,我想将LDAP(安装在windows 8.1计算机上的AD LDS)表单身份验证集成到我的mvc 5应用程序中。C# 从adlds实例验证asp.net mvc 5应用程序,c#,asp.net,asp.net-mvc,active-directory,ldap,C#,Asp.net,Asp.net Mvc,Active Directory,Ldap,您好,我想将LDAP(安装在windows 8.1计算机上的AD LDS)表单身份验证集成到我的mvc 5应用程序中。 我不知道我是否在web.config上丢失了某些内容,或者我的c#代码错误,但我已成功地从ldp.exe和ADSI Edit as User=Admin连接,他们具有管理员权限,如图所示 在我的web配置中,我添加了以下行: <connectionStrings> <add name="ADWEB" connectionString="LDAP://
我不知道我是否在web.config上丢失了某些内容,或者我的c#代码错误,但我已成功地从ldp.exe和ADSI Edit as User=Admin连接,他们具有管理员权限,如图所示 在我的web配置中,我添加了以下行:
<connectionStrings>
<add name="ADWEB" connectionString="LDAP://M0I:389/CN=Users,CN=Elise,DC=App,DC=com" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
cookieless="UseCookies" domain=""
enableCrossAppRedirects="false" >
<credentials passwordFormat="SHA1" />
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
<clear />
<add name="MyDSProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" applicationName="LDAP"
connectionStringName="ADWEB"
connectionUsername="CN=Admin,CN=Users,CN=Elise,DC=App,DC=com"
connectionPassword="Azerty*123"
connectionProtection="None" enableSearchMethods="True" />
</providers>
</membership>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
her是我在登录操作中使用的LdapAuthentification类
using System.Text;
using System.Collections;
using System.DirectoryServices;
using System;
namespace LDAP.LDAP
{
class LdapAuthentication
{
private string _path;
private string _filterAttribute;
public LdapAuthentication(string path)
{
_path = path;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path,
domainAndUsername,
pwd);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
public string GetGroups()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
String dn;
int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount;
propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1),
(commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " +
ex.Message);
}
return groupNames.ToString();
}
}
}
最后,我连接到我的AD LDS实例,而不在web.config中设置连接字符串 下面的代码显示了我如何使用AD LDS对用户进行身份验证
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
cookieless="UseCookies" domain=""
enableCrossAppRedirects="false" >
<credentials passwordFormat="SHA1" />
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
登录方法:
[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(string txtUserName, string txtPassword, string returnUrl)
{
string error;
try
{
PrincipalContext context = new PrincipalContext(ContextType.ApplicationDirectory, "M0I:389", "CN=Elise,DC=App,DC=com", ContextOptions.Negotiate);
bool auth = context.ValidateCredentials(
String.Format("CN={0},CN=Users,CN=Elise,DC=App,DC=com",
txtUserName),
txtPassword,
ContextOptions.SimpleBind);
//get all users groups
UserPrincipal user = UserPrincipal.FindByIdentity(context, txtUserName);
if (user != null)
{
PrincipalSearchResult<Principal> authgroups = user.GetAuthorizationGroups();
// do your checking with the auth groups that the user has - against your list
foreach (var item in authgroups)
{
string x = item.Name;
}
}
if (true == auth)
{
// Create the authetication ticket
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1, // version
txtUserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, "Administrators");
// Now encrypt the ticket.
string encryptedTicket =
FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
Response.Redirect(
FormsAuthentication.GetRedirectUrl(txtUserName,false));
}
}
else
{
error =
"Authentication failed, check username and password.";
ModelState.AddModelError(string.Empty, error);
ViewBag.ReturnUrl = returnUrl;
}
}
catch (Exception ex)
{
error = "Error authenticating. " + ex.Message;
ModelState.AddModelError(string.Empty, error);
ViewBag.ReturnUrl = returnUrl;
}
return Redirect(returnUrl);
}
[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
公共操作结果登录(字符串txtUserName、字符串txtPassword、字符串returnUrl)
{
字符串错误;
尝试
{
PrincipalContext context=新PrincipalContext(ContextType.ApplicationDirectory,“M0I:389”,“CN=Elise,DC=App,DC=com”,ContextOptions.Negotiate);
bool auth=context.ValidateCredentials(
Format(“CN={0},CN=Users,CN=Elise,DC=App,DC=com”,
txtUserName),
TXT密码,
ContextOptions.SimpleBind);
//获取所有用户组
UserPrincipal user=UserPrincipal.FindByIdentity(上下文,txtUserName);
如果(用户!=null)
{
PrincipalSearchResult authgroups=user.GetAuthorizationGroups();
//根据列表检查用户拥有的身份验证组
foreach(authgroups中的变量项)
{
字符串x=item.Name;
}
}
if(true==auth)
{
//创建授权票证
FormsAuthenticationTicket身份验证票证=
新表单身份验证票证(1,//版本
txtUserName,
日期时间,现在,
DateTime.Now.AddMinutes(60),
虚假,“管理人”);
//现在加密票据。
字符串加密磁带=
FormsAuthentication.Encrypt(authTicket);
//创建cookie并将加密票证添加到
//cookie作为数据。
HttpCookie-authCookie=
新的HttpCookie(FormsAuthentication.FormScookeName,
加密磁带);
//将cookie添加到传出cookies集合。
Response.Cookies.Add(authCookie);
如果(!string.IsNullOrEmpty(returnUrl))
{
返回重定向(returnUrl);
}
其他的
{
响应,重定向(
FormsAuthentication.GetRedirectUrl(txtUserName,false));
}
}
其他的
{
错误=
“身份验证失败,请检查用户名和密码。”;
AddModelError(string.Empty,error);
ViewBag.ReturnUrl=返回URL;
}
}
捕获(例外情况除外)
{
error=“错误验证。”+例如消息;
AddModelError(string.Empty,error);
ViewBag.ReturnUrl=返回URL;
}
返回重定向(returnUrl);
}
我现在唯一的问题是,我无法使用User.IsInRole检查当前用户是否是视图中某个组的成员
@User.Identity.IsAuthenticated正在提供true
@User.IsInRole(“管理员”)给出的是false
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
cookieless="UseCookies" domain=""
enableCrossAppRedirects="false" >
<credentials passwordFormat="SHA1" />
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
if (Request.IsAuthenticated)
{
return RedirectToAction("Index", "Home");
}
ViewBag.ReturnUrl = returnUrl;
return View();
}
[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(string txtUserName, string txtPassword, string returnUrl)
{
string error;
try
{
PrincipalContext context = new PrincipalContext(ContextType.ApplicationDirectory, "M0I:389", "CN=Elise,DC=App,DC=com", ContextOptions.Negotiate);
bool auth = context.ValidateCredentials(
String.Format("CN={0},CN=Users,CN=Elise,DC=App,DC=com",
txtUserName),
txtPassword,
ContextOptions.SimpleBind);
//get all users groups
UserPrincipal user = UserPrincipal.FindByIdentity(context, txtUserName);
if (user != null)
{
PrincipalSearchResult<Principal> authgroups = user.GetAuthorizationGroups();
// do your checking with the auth groups that the user has - against your list
foreach (var item in authgroups)
{
string x = item.Name;
}
}
if (true == auth)
{
// Create the authetication ticket
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1, // version
txtUserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, "Administrators");
// Now encrypt the ticket.
string encryptedTicket =
FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
Response.Redirect(
FormsAuthentication.GetRedirectUrl(txtUserName,false));
}
}
else
{
error =
"Authentication failed, check username and password.";
ModelState.AddModelError(string.Empty, error);
ViewBag.ReturnUrl = returnUrl;
}
}
catch (Exception ex)
{
error = "Error authenticating. " + ex.Message;
ModelState.AddModelError(string.Empty, error);
ViewBag.ReturnUrl = returnUrl;
}
return Redirect(returnUrl);
}