Question

我尝试对我的ASP.NET MVC应用程序进行Active Directory身份验证。我使用System.DirectoryServices并在登录期间在UserManager中查找用户。如果没有找到用户我尝试在Active Directory中查找用户，并且如果使用UserManager.CreateAsync（）在asp.net mvc app中成功注册用户。

    private ApplicationUserManager _userManager;
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
            if (user != null)
            {
                await SignInAsync(user, loginModel.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            string userFullName;
            if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
            {
                var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
                var result = await UserManager.CreateAsync(newUser, loginModel.Password);                   

                if (result.Succeeded)
                {
                    await SignInAsync(newUser, loginModel.RememberMe);
                    return RedirectToLocal(returnUrl);
                }

                AddErrors(result);
            }
            else
            {
                ModelState.AddModelError("", "Invalid UserName or Password");
            }
        }

        return View(loginModel);
    }

    private bool AuthenticateActiveDirectoryUser(
        string domain,
        string username,
        string password,
        out string fullName)
    {
        fullName = string.Empty;

        var domainAndUsername = string.Format("{0}\\{1}", domain, username);
        var ldapPath = "";
        var entry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        try
        {
            // Bind to the native AdsObject to force authentication.
            var obj = entry.NativeObject;
            var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" };
            search.PropertiesToLoad.Add("cn");
            var result = search.FindOne();
            if (result == null)
                return false;

            try
            {
                fullName = (string)result.Properties["cn"][0];
            }
            catch
            {
                fullName = string.Empty;
            }
        }
        catch (Exception ex)
        {
            return false;
        }

        return true;
    }

但是在我的实现中忽略了用户更改Active Directory帐户或AD帐户中的密码的情况。我可以在我的代码中手动检查它，但是在ASP.NET Identity中可能存在其他方式来实现Active Directory用户帐户的身份验证吗？

Answer 1

＆lt; p＆gt;看看这是否有助于你＆lt; / p＆gt; ＆LT;预＆GT;＆LT;代码＆GT; protected bool ActiveDirectoryLogin（string Username，string Password，string Domain） { bool成功=假; //System.DirectoryServices.DirectoryEntry Entry = // new System.DirectoryServices.DirectoryEntry（＆＃34; LDAP：//***.**.**.**：389 / cn = *** - People，o = **，dc = **， dc = edu，dc = sa＆＃34;，＆＃34; uid =＆＃34; +用户名+＆＃34;，cn = *** - 人物，o = ***，dc = ***，dc = edu，dc = sa＆＃34;，Password，AuthenticationTypes.None）; System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry（＆＃34; LDAP：//ldapmaster.***.edu.sa：389 / cn = *** - People，o = ***，dc = ***，dc = edu ，dc = sa＆＃34;，＆＃34; uid =＆＃34; +用户名+＆＃34;，cn = *** - 人物，o = ***，dc = ***，dc = edu， dc = sa＆＃34;，Password，AuthenticationTypes.None）; //System.DirectoryServices.DirectoryEntry Entry = // new System.DirectoryServices.DirectoryEntry（＆＃34; LDAP：//ldapmaster.***.edu.sa：389 / cn = *** - People，o = ***，dc = ***，dc = edu，dc = sa＆＃34;，Username，Password，AuthenticationTypes.None）; System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher（Entry）; 尝试 { Object nat = Entry.NativeObject; 成功=真; // System.DirectoryServices.SearchResult Results = Searcher.FindOne（）; //成功=（结果！= null）; } catch（例外e） { 成功=假; } 返回成功; } ＆LT; /代码＆GT;＆LT; /预＆GT;

使用Asp.NET标识进行LDAP身份验证

1 个答案: