我想做一个通过活动目录(Active Directory)验证用户的登录页面。当用户输入错误的登录信息时,页面需要显示“无效用户”;如果输入的登录信息正确,则跳转到主页。
下面是我的代码。运行这段代码时,即使我输入了正确的登录信息,页面仍然显示“无效用户”。
/// <summary>
/// Click handler for the login button: asks AuthenticateUser to check the credentials,
/// then either redirects to default.aspx or writes an error message to the response.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Button1_Click1(object sender, EventArgs e)
{
    // NOTE(review): the ADSI provider prefix is case-sensitive, so a lowercase "ldap://"
    // path typically fails to bind; AuthenticateUser turns every failure into "false",
    // which would explain the constant "invalid user" result. Port 121 is also not the
    // usual LDAP port (389, or 636 for LDAPS). Confirm both against the directory.
    string directoryPath = "ldap://domain.com:121";

    // NOTE(review): sample credentials are hard-coded here; a real login page reads them
    // from the submitted form and never keeps a password in source.
    string loginName = "guest";
    string loginPassword = "testlogin";

    bool isAuthenticated = AuthenticateUser(directoryPath, loginName, loginPassword);
    if (!isAuthenticated)
    {
        Response.Write("Invalid user name or Password!");
        return;
    }

    Response.Redirect("default.aspx");
}
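/// <summary>
/// Checks a user name and password by binding to the directory with them and
/// looking up the matching account.
/// </summary>
/// <param name="domain">ADSI path of the directory to bind to.</param>
/// <param name="username">Account name supplied by the user; matched against sAMAccountName.</param>
/// <param name="password">Password supplied by the user.</param>
/// <returns>
/// true when the bind is accepted and the account is found; false for blank
/// credentials, an unknown account, or any directory error.
/// </returns>
public bool AuthenticateUser(string domain, string username, string password)
{
    // Fail closed on blank credentials. With a missing user name or password the bind
    // may fall back to the process identity or an unauthenticated bind, which would
    // let the search succeed without proving who the caller is.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // The user name is untrusted input that ends up inside an LDAP filter. Escape the
    // RFC 4515 special characters (backslash first, so later escapes are not re-escaped)
    // to keep the value from changing the filter's structure.
    string escapedUserName = username
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    try
    {
        // Both objects hold directory connections, so release them deterministically.
        using (DirectoryEntry entry = new DirectoryEntry(domain, username, password))
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            search.Filter = "(sAMAccountName=" + escapedUserName + ")";
            search.PropertiesToLoad.Add("cn");

            // The directory path is deliberately not echoed into the HTTP response:
            // it tells an anonymous visitor where the directory server lives.
            // FindOne performs the bind; wrong credentials surface as an exception.
            SearchResult result = search.FindOne();
            return result != null;
        }
    }
    catch (Exception ex)
    {
        // Any failure means "not authenticated", but record the cause server-side so an
        // unreachable server or a malformed path is not mistaken for a wrong password.
        System.Diagnostics.Trace.TraceWarning(
            "Directory authentication failed: " + ex.GetType().Name + ": " + ex.Message);
        return false;
    }
}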
请帮我找出上面代码中的错误,并提供最佳解决方案......
答案 0 :(得分:0)
您可以使用 PrincipalContext 来验证。如果您有特定的域,可以参考this示例代码。
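/// <summary>
/// Validates a user name and password against the domain of the current machine.
/// </summary>
/// <param name="userName">Account name supplied by the user; surrounding whitespace is ignored.</param>
/// <param name="password">Password supplied by the user; used exactly as given.</param>
/// <returns>true when the domain accepts the credentials; false when either value is empty or the domain rejects them.</returns>
public bool ValidateCredentials(string userName, string password)
{
    // EnsureNotNull is an extension method defined outside this snippet; presumably it
    // replaces null with an empty string. Confirm against its definition.
    userName = userName.EnsureNotNull();
    userName = userName.Trim();

    // The password is not trimmed: leading or trailing spaces are part of the secret,
    // and stripping them would make distinct passwords compare as equal.
    password = password.EnsureNotNull();

    // Fail closed on blank credentials instead of handing them to the directory,
    // where an empty password can be treated differently from a wrong one.
    if (userName.Length == 0 || password.Length == 0)
    {
        return false;
    }

    using (var context = new PrincipalContext(ContextType.Domain))
    {
        return context.ValidateCredentials(userName, password);
    }
}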
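/// <summary>
/// Reports whether a domain user is a member of the named Active Directory group.
/// </summary>
/// <param name="userName">Identity of the user to look up; surrounding whitespace is ignored.</param>
/// <param name="adGroupName">Identity of the group to look up.</param>
/// <returns>true when both the user and the group are found and the user is a member; otherwise false.</returns>
public bool IsUserInAdGroup(string userName, string adGroupName)
{
    // EnsureNotNull is an extension method defined outside this snippet; presumably it
    // replaces null with an empty string. Confirm against its definition.
    userName = userName.EnsureNotNull();
    userName = userName.Trim();

    // The context and both principals are disposable and hold directory resources,
    // so each one is released as soon as the check is done.
    using (var context = new PrincipalContext(ContextType.Domain))
    using (var user = UserPrincipal.FindByIdentity(context, userName))
    {
        if (user == null)
        {
            return false;
        }

        using (var group = GroupPrincipal.FindByIdentity(context, adGroupName))
        {
            // NOTE(review): IsMemberOf appears to test direct membership only; users who
            // belong through a nested group may be reported as non-members. Confirm
            // before relying on this for authorization decisions.
            return group != null && user.IsMemberOf(group);
        }
    }
}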
答案 1 :(得分:0)
最后我从this网站找到了解决方案,对上面的代码稍作了修改。现在它工作得非常完美。
/// <summary>
/// Click handler for the login button: asks AuthenticateUser to check the credentials,
/// then either redirects to default.aspx or writes an error message to the response.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Button1_Click1(object sender, EventArgs e)
{
    // NOTE(review): AuthenticateUser as posted in this answer overwrites the entry's
    // Path with a fixed "LDAP://OU=..." value, so this lowercase "ldap://" string is
    // effectively unused.
    string directoryPath = "ldap://domain.com";

    // NOTE(review): sample credentials are hard-coded here; a real login page reads them
    // from the submitted form and never keeps a password in source.
    string loginName = "guest";
    string loginPassword = "testlogin";

    bool isAuthenticated = AuthenticateUser(directoryPath, loginName, loginPassword);
    if (!isAuthenticated)
    {
        Response.Write("Invalid user name or Password!");
        return;
    }

    Response.Redirect("default.aspx");
}
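/// <summary>
/// Checks a user name and password by binding to the directory with them and
/// looking up the matching account under a fixed organizational unit.
/// </summary>
/// <param name="domain">ADSI path passed to the DirectoryEntry constructor; replaced by the fixed path below.</param>
/// <param name="userName">Account name supplied by the user; matched against sAMAccountName.</param>
/// <param name="password">Password supplied by the user.</param>
/// <returns>
/// true only when the bind is accepted and the account is found; false for blank
/// credentials, an unknown account, or a DirectoryServicesCOMException.
/// </returns>
private bool AuthenticateUser(string domain, string userName, string password)
{
    // Fail closed on blank credentials. With a missing user name or password the bind
    // may fall back to the process identity or an unauthenticated bind, which would
    // let the search succeed without proving who the caller is.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // The user name is untrusted input that ends up inside an LDAP filter. Escape the
    // RFC 4515 special characters (backslash first, so later escapes are not re-escaped)
    // to keep the value from changing the filter's structure.
    string escapedUserName = userName
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    try
    {
        using (DirectoryEntry entry = new DirectoryEntry(domain, userName, password))
        {
            // This assignment replaces whatever path the caller passed in `domain`.
            entry.Path = "LDAP://OU=allsuers,OU=users,DC=domain,DC=com";

            using (DirectorySearcher searcher = new DirectorySearcher(entry))
            {
                searcher.Filter = "(sAMAccountName=" + escapedUserName + ")";

                // A login is valid only when the account is actually found. Returning
                // true for a null result would accept unknown users and reject known ones.
                return searcher.FindOne() != null;
            }
        }
    }
    catch (DirectoryServicesCOMException)
    {
        // The directory refused the bind or the query: treat it as a failed login.
        return false;
    }
}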
谢谢大家,感谢所有提供帮助的人。