Model view controller 不使用成员资格(Membership)的 Active Directory MVC
我需要在我的应用程序中使用 MVC5 实现混合模式身份验证,包括窗体身份验证和 Windows 身份验证。
标签:model-view-controller, active-directory, membership-provider
这意味着我需要在不使用 ASP.NET 成员资格提供程序的情况下实现 Active Directory 身份验证。
看起来您是想把 Active Directory 用户用作 ASP.NET Identity 用户。请准备一个生成 UserLogin 信息的方法(用于添加到 ASP.NET Identity),并创建一个针对 Active Directory 进行验证的方法。注意:用户名来自外部输入,拼入 LDAP 过滤器之前应先转义,且空用户名或空密码不应进入绑定流程。
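/// <summary>
/// Validates a user name and password against Active Directory by binding to the
/// directory with those credentials, then returns the account's SID as a string.
/// </summary>
/// <param name="userName">Account name supplied by the caller; treated as untrusted input.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// The account's SID in string form, or an empty string when the bind yields no native object.
/// </returns>
/// <exception cref="Exception">
/// Thrown with an "AD:" prefixed message when the path is missing, the credentials are
/// empty, the bind or search fails, or the account is missing or reported as locked.
/// Log the message server-side instead of showing it to the client: telling an
/// unauthenticated caller that an account is locked reveals account state.
/// </exception>
private string IsValidADUser(string userName, string password)
{
    String adServerName = "LDAP://<<your LDAP String>>";
    var sid = "";
    try
    {
        if (string.IsNullOrEmpty(adServerName))
        {
            throw new Exception("Invalid AD");
        }

        // With null credentials DirectoryEntry binds as the calling process identity,
        // so the bind could succeed without proving who the caller is. Reject empty
        // input before anything reaches the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            throw new Exception("Invalid credentials");
        }

        // DirectoryEntry and DirectorySearcher hold directory resources; dispose both.
        using (var directoryEntry = new DirectoryEntry())
        {
            directoryEntry.Path = adServerName;
            directoryEntry.Username = userName;
            directoryEntry.Password = password;
            // NOTE(review): Secure only selects negotiated authentication. Consider adding
            // Signing | Sealing or using an LDAPS path so the session is protected on the
            // wire - confirm against the domain's configuration.
            directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

            // Reading NativeObject forces the bind; bad credentials throw here.
            if (directoryEntry.NativeObject != null)
            {
                // userName is caller-controlled: escape the RFC 4515 filter metacharacters
                // (backslash first) so it cannot change the structure of the search filter.
                string escapedUserName = userName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                using (var searcher = new DirectorySearcher(directoryEntry))
                {
                    searcher.Filter = "(SAMAccountName=" + escapedUserName + ")";
                    searcher.CacheResults = false;
                    SearchResult result = searcher.FindOne();

                    // lockoutTime may be absent (for example on an account that has never
                    // been locked out); indexing [0] on an empty value collection throws,
                    // so check Count before reading it.
                    bool locked = false;
                    if (result != null)
                    {
                        var lockoutValues = result.Properties["lockoutTime"];
                        locked = lockoutValues != null
                            && lockoutValues.Count > 0
                            && lockoutValues[0].ToString() != "0";
                    }

                    // A missing account keeps the original message so callers see no change
                    // and "not found" is not distinguishable from "locked".
                    if (result == null || locked)
                    {
                        throw new Exception("User Account is locked");
                    }

                    var sidInBytes = (byte[])result.Properties["objectSid"][0];
                    sid = new SecurityIdentifier(sidInBytes, 0).ToString();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the stack trace survives.
        throw new Exception("AD:" + ex.Message, ex);
    }
    return sid;
}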
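/// <summary>
/// Validates a user name and password against Active Directory by binding to the
/// directory with those credentials, then returns the account's SID as a string.
/// (This copy of the listing had been machine-translated into non-compiling text;
/// keywords, identifiers and string literals are restored here.)
/// </summary>
/// <param name="userName">Account name supplied by the caller; treated as untrusted input.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// The account's SID in string form, or an empty string when the bind yields no native object.
/// </returns>
/// <exception cref="Exception">
/// Thrown with an "AD:" prefixed message when the path is missing, the credentials are
/// empty, the bind or search fails, or the account is missing or reported as locked.
/// Log the message server-side instead of showing it to the client: telling an
/// unauthenticated caller that an account is locked reveals account state.
/// </exception>
private string IsValidADUser(string userName, string password)
{
    String adServerName = "LDAP://<<your LDAP String>>";
    var sid = "";
    try
    {
        if (string.IsNullOrEmpty(adServerName))
        {
            throw new Exception("Invalid AD");
        }

        // With null credentials DirectoryEntry binds as the calling process identity,
        // so the bind could succeed without proving who the caller is. Reject empty
        // input before anything reaches the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            throw new Exception("Invalid credentials");
        }

        // DirectoryEntry and DirectorySearcher hold directory resources; dispose both.
        using (var directoryEntry = new DirectoryEntry())
        {
            directoryEntry.Path = adServerName;
            directoryEntry.Username = userName;
            directoryEntry.Password = password;
            // NOTE(review): Secure only selects negotiated authentication. Consider adding
            // Signing | Sealing or using an LDAPS path so the session is protected on the
            // wire - confirm against the domain's configuration.
            directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

            // Reading NativeObject forces the bind; bad credentials throw here.
            if (directoryEntry.NativeObject != null)
            {
                // userName is caller-controlled: escape the RFC 4515 filter metacharacters
                // (backslash first) so it cannot change the structure of the search filter.
                string escapedUserName = userName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                using (var searcher = new DirectorySearcher(directoryEntry))
                {
                    searcher.Filter = "(SAMAccountName=" + escapedUserName + ")";
                    searcher.CacheResults = false;
                    SearchResult result = searcher.FindOne();

                    // lockoutTime may be absent (for example on an account that has never
                    // been locked out); indexing [0] on an empty value collection throws,
                    // so check Count before reading it.
                    bool locked = false;
                    if (result != null)
                    {
                        var lockoutValues = result.Properties["lockoutTime"];
                        locked = lockoutValues != null
                            && lockoutValues.Count > 0
                            && lockoutValues[0].ToString() != "0";
                    }

                    // A missing account keeps the original message so callers see no change
                    // and "not found" is not distinguishable from "locked".
                    if (result == null || locked)
                    {
                        throw new Exception("User Account is locked");
                    }

                    var sidInBytes = (byte[])result.Properties["objectSid"][0];
                    sid = new SecurityIdentifier(sidInBytes, 0).ToString();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the stack trace survives.
        throw new Exception("AD:" + ex.Message, ex);
    }
    return sid;
}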
谢谢,这正是我需要的。
很高兴能帮上忙。
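/// <summary>
/// Validates a user name and password against Active Directory by binding to the
/// directory with those credentials, then returns the account's SID as a string.
/// </summary>
/// <param name="userName">Account name supplied by the caller; treated as untrusted input.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// The account's SID in string form, or an empty string when the bind yields no native object.
/// </returns>
/// <exception cref="Exception">
/// Thrown with an "AD:" prefixed message when the path is missing, the credentials are
/// empty, the bind or search fails, or the account is missing or reported as locked.
/// Log the message server-side instead of showing it to the client: telling an
/// unauthenticated caller that an account is locked reveals account state.
/// </exception>
private string IsValidADUser(string userName, string password)
{
    String adServerName = "LDAP://<<your LDAP String>>";
    var sid = "";
    try
    {
        if (string.IsNullOrEmpty(adServerName))
        {
            throw new Exception("Invalid AD");
        }

        // With null credentials DirectoryEntry binds as the calling process identity,
        // so the bind could succeed without proving who the caller is. Reject empty
        // input before anything reaches the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            throw new Exception("Invalid credentials");
        }

        // DirectoryEntry and DirectorySearcher hold directory resources; dispose both.
        using (var directoryEntry = new DirectoryEntry())
        {
            directoryEntry.Path = adServerName;
            directoryEntry.Username = userName;
            directoryEntry.Password = password;
            // NOTE(review): Secure only selects negotiated authentication. Consider adding
            // Signing | Sealing or using an LDAPS path so the session is protected on the
            // wire - confirm against the domain's configuration.
            directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

            // Reading NativeObject forces the bind; bad credentials throw here.
            if (directoryEntry.NativeObject != null)
            {
                // userName is caller-controlled: escape the RFC 4515 filter metacharacters
                // (backslash first) so it cannot change the structure of the search filter.
                string escapedUserName = userName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                using (var searcher = new DirectorySearcher(directoryEntry))
                {
                    searcher.Filter = "(SAMAccountName=" + escapedUserName + ")";
                    searcher.CacheResults = false;
                    SearchResult result = searcher.FindOne();

                    // lockoutTime may be absent (for example on an account that has never
                    // been locked out); indexing [0] on an empty value collection throws,
                    // so check Count before reading it.
                    bool locked = false;
                    if (result != null)
                    {
                        var lockoutValues = result.Properties["lockoutTime"];
                        locked = lockoutValues != null
                            && lockoutValues.Count > 0
                            && lockoutValues[0].ToString() != "0";
                    }

                    // A missing account keeps the original message so callers see no change
                    // and "not found" is not distinguishable from "locked".
                    if (result == null || locked)
                    {
                        throw new Exception("User Account is locked");
                    }

                    var sidInBytes = (byte[])result.Properties["objectSid"][0];
                    sid = new SecurityIdentifier(sidInBytes, 0).ToString();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the stack trace survives.
        throw new Exception("AD:" + ex.Message, ex);
    }
    return sid;
}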