在MVC中检索用户数据的Active Directory身份验证

时间:2015-09-17 06:47:07

标签: asp.net-mvc authentication active-directory form-authentication activedirectorymembership

在我的MVC5应用程序中,我曾经通过检查Active Directory中是否存在用户来应用以下方法。现在,我想使用另一种方法:我将usernamepassword发送到active directory,如果用户存在,则应返回一些active directory信息,即用户NameSurnameDepartment。那么,我如何在Controllerweb.config中定义这种身份验证?

web.config: 

<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" />
    <authentication mode="Forms">
      <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" />
    </authentication>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="myadmin@company" connectionPassword="MyPassword" />
      </providers>
    </membership>
  </system.web>
  <connectionStrings>
    <!-- for LDAP -->
    <add name="ADConnectionString" connectionString="LDAP://adadfaf.my.company:111/DC=my,DC=company" />
  </connectionStrings>
</configuration>


控制器: 

[AllowAnonymous]
[ValidateAntiForgeryToken]
[HttpPost]
public ActionResult Login(User model, string returnUrl)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }       

    //At here I need to retrieve some user data from Active Directory instead of hust a boolean result
    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        //On the other hand I am not sure if this cookie lines are enough or not. Should I add some additional lines?
        FormsAuthentication.SetAuthCookie(model.UserName, false); 
        if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
        {
            return this.Redirect(returnUrl);
        }
        return this.RedirectToAction("Index", "Issue");
    }

    TempData["message"] = "The user name or password provided is incorrect.";
    return this.View(model);
}

1 个答案:

答案 0 :(得分:0)

我所做的是创建一个Class&#34; Session User&#34;其中包含UserID,LoginName并且能够验证用户凭据。

在这个课程中,您还需要输入/调用方法/属性来获取部门,姓氏等... 

public class SesssionUser
{
    [Key]
    [Required]
    public int UserId { get; set; }
    [Required]
    public string LoginName { get; set; }
    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }


    private Boolean IsAuth{ get; set; }
    public string Department
    { 
        get { 
        return GetDepartment();
        }
    }

    private string GetDepartment()
    {
        if(!IsAuth) { return null; }
        //Gets the department.
    }

    private bool Authenticate(string userName,string password, string domain)
    {
        bool authentic = false;
        try
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,
            userName, password);
            object nativeObject = entry.NativeObject;
            authentic = true;
        }
            catch (DirectoryServicesCOMException) { }
            return authentic;
     }

    /// <summary>
    /// Validates the user in the AD
    /// </summary>
    /// <returns>true if the credentials are correct else false</returns>
    public Boolean ValidateUser()
    {
        IsAuth = Authenticate(LoginName,Password,"<YourDomain>");
        return IsAuth;
    }
}

下一步是在我的案例中创建一个Controller&#34; AccountController&#34;它涉及用户的登录和注销。它使用FormsAuthentication来设置auth。饼干。

using System;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using System.Web.Security;

using MVCErrorLog.Models;

//My class
using Admin.ActiveDirectoryHelper.Objects;

using MVCErrorLog.ViewModels;

namespace MVCErrorLog.Controllers
{

    public class AccountController : Controller
    {
        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(string username, string pw)
        {
            if (!ModelState.IsValid) { return RedirectToAction("Index", "Home"); }

            var sessionUser = new SesssionUser();
            sessionUser.LoginName = username;
            sessionUser.Password = pw;
            sessionUser.UserId = 1;

            if (!sessionUser.ValidateUser()) { return View("Login"); }
            FormsAuthentication.SetAuthCookie(sessionUser.LoginName, true);
            return RedirectToAction("Index", "ErrorLogs");
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            return RedirectToAction("Index", "ErrorLogs");
        }


        private SesssionUser SetupFormsAuthTicket(SesssionUser user, bool persistanceFlag)
        {
            var userData = user.UserId.ToString(CultureInfo.InvariantCulture);
            var authTicket = new FormsAuthenticationTicket(1, //version
                                user.LoginName, // user name
                                DateTime.Now,             //creation
                                DateTime.Now.AddMinutes(30), //Expiration
                                persistanceFlag, //Persistent
                                userData);

            var encTicket = FormsAuthentication.Encrypt(authTicket);
            Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
            return user;
        }


        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {

            }

            base.Dispose(disposing);
        }
    }
}

最后一步是配置conf。文件使用auth。模式表格

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="1440" /> <!--1440min = 24hours-->
</authentication>

现在你只需要在视图中调用Login并传递参数就可以了。

相关问题
最新问题