MVC 5绕过Windows身份验证用户身份验证的用户

时间:2015-12-14 05:20:04

标签: c# asp.net asp.net-mvc-5 windows-authentication form-authentication

我已经使用MVC 5编写了一个网站,它使用SQL Server进行表单身份验证。

现在我可以绕过已经在办公室网络上的用户Forms Authentication。此外,我想跟踪用户并应用与Forms Authentication类似的规则。感谢。

1 个答案:

答案 0 :(得分:1)

是的,你可以这样做。这是检查域中用户的代码。首先获取域名并尝试使用域验证用户。如果失败则继续进行表格认证。

 public static string DomainControllerName { get; private set; }
 public static string ComputerName { get; private set; }
 public static string DomainName { get; private set; }
 public static string DomainPath
 {
            get
            {
                bool bFirst = true;
                StringBuilder sbReturn = new StringBuilder(200);
                string[] strlstDc = DomainName.Split('.');
                foreach (string strDc in strlstDc)
                {
                    if (bFirst)
                    {
                        sbReturn.Append("DC=");
                        bFirst = false;
                    }
                    else
                        sbReturn.Append(",DC=");

                    sbReturn.Append(strDc);
                }
                return sbReturn.ToString();
            }
 }
        public static string RootPath
        {
            get
            {
                return string.Format("LDAP://{0}/{1}", DomainName, DomainPath);
            }
        }
Domain domain = null;
DomainController domainController = null;
try
{
    domain = Domain.GetCurrentDomain();
        DomainName = domain.Name;
        domainController = domain.PdcRoleOwner;
        DomainControllerName = domainController.Name.Split('.')[0];
        ComputerName = Environment.MachineName;
}
finally
{
if (domain != null)
       domain.Dispose();
if (domainController != null)
       domainController.Dispose();
}


try
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
                DirectoryEntry root = new DirectoryEntry(RootPath, txtUserName.Text.Trim(), txtPassword.Text);
                DirectorySearcher search = new DirectorySearcher(root);

            search.SearchScope = SearchScope.Subtree;
            search.Filter = "(sAMAccountName=" + txtUserName.Text.Trim() + ")";
            SearchResultCollection results = search.FindAll();

            UserPrincipal userP = UserPrincipal.FindByIdentity(ctx, txtUserName.Text.Trim());

            if (userP != null && results != null)
            {
                //Get the user's groups
                var groups = userP.GetAuthorizationGroups();
                if (groups.Count(x => x.Name == ConfigurationManager.AppSettings["UserGroup"].ToString()) > 0)
                {
                    //Successful login code here
                }
                else
                {
                    //"Access Denied !";
                }
            }
            else
            {
                //"User Name or Password is incorrect. Try again !"
            }
        }
    }
    catch
    {
        //"User Name or Password is incorrect. Try again !"
    }
相关问题
最新问题