当托管应用的 IIS 服务器本身不在域中时，能否有人给我一个在 ASP.NET MVC 中使用 Active Directory 身份验证的可用示例？
下面是我的控制器代码。在我自己的机器上（该机器已加入域），我可以正常通过身份验证；但当我把应用发布到局域网内一台未加入域的 IIS 服务器后，就无法再通过身份验证了。
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;
using System.Web;
using login;
using Microsoft.Owin.Security;
namespace login.Models
{
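public class AdAuthenticationService
{
    /// <summary>
    /// Outcome of a <see cref="SignIn"/> attempt. Success is represented by the
    /// absence of an error message, so the default-constructed result is a success.
    /// </summary>
    public class AuthenticationResult
    {
        /// <param name="errorMessage">Reason the sign-in failed, or null on success.</param>
        public AuthenticationResult(string errorMessage = null)
        {
            ErrorMessage = errorMessage;
        }

        /// <summary>Human-readable failure reason; null or empty when the sign-in succeeded.</summary>
        public String ErrorMessage { get; private set; }

        /// <summary>True when no error message was recorded.</summary>
        public Boolean IsSuccess => String.IsNullOrEmpty(ErrorMessage);
    }

    /// <summary>
    /// Directory server the original code bound to, as "host:port" (3268 is the
    /// global catalog port). The host part is a placeholder that must be replaced
    /// by a reachable domain controller; otherwise the bind fails before any
    /// credential is checked and every sign-in is reported as a bad password.
    /// </summary>
    private const string DefaultDirectoryServer = @"DC_hostname:3268";

    private readonly IAuthenticationManager authenticationManager;
    private readonly string directoryServer;

    /// <summary>Creates a service bound to <see cref="DefaultDirectoryServer"/>.</summary>
    public AdAuthenticationService(IAuthenticationManager authenticationManager)
        : this(authenticationManager, DefaultDirectoryServer)
    {
    }

    /// <summary>
    /// Creates a service that validates credentials against <paramref name="directoryServer"/>.
    /// </summary>
    /// <param name="authenticationManager">OWIN manager used to issue the application cookie.</param>
    /// <param name="directoryServer">Directory server as "host" or "host:port".</param>
    public AdAuthenticationService(IAuthenticationManager authenticationManager, string directoryServer)
    {
        this.authenticationManager = authenticationManager;
        this.directoryServer = directoryServer;
    }

    /// <summary>
    /// Validates <paramref name="username"/>/<paramref name="password"/> against the
    /// directory, checks the account state and, on success, replaces the current
    /// application cookie with a fresh identity for that user.
    /// </summary>
    /// <param name="username">Account name in a form accepted by <see cref="PrincipalContext.ValidateCredentials(string, string)"/>.</param>
    /// <param name="password">The user's password; never stored or logged here.</param>
    /// <returns>
    /// A successful result, or one whose <see cref="AuthenticationResult.ErrorMessage"/>
    /// explains why the sign-in was refused.
    /// </returns>
    public AuthenticationResult SignIn(String username, String password)
    {
        // Reject blank credentials before touching the directory. ValidateCredentials
        // treats null credentials as "validate the process identity", and an empty
        // password can be accepted by an LDAP server as an unauthenticated bind --
        // either would let a sign-in succeed without the user proving anything.
        if (String.IsNullOrWhiteSpace(username) || String.IsNullOrEmpty(password))
        {
            return new AuthenticationResult("Wrong Username or Password.");
        }

        PrincipalContext principalContext = null;
        UserPrincipal userPrincipal = null;
        try
        {
            try
            {
                // NOTE(review): this overload binds with the identity of the IIS worker
                // process. On a server that is not joined to the domain that identity
                // cannot bind, so the overload that takes an explicit service-account
                // user name and password (read from protected configuration, never from
                // source) is what makes this work off-domain -- confirm for the deployment.
                principalContext = new PrincipalContext(ContextType.Domain, directoryServer);
                if (principalContext.ValidateCredentials(username, password))
                {
                    userPrincipal = UserPrincipal.FindByIdentity(principalContext, username);
                }
            }
            catch (PrincipalServerDownException)
            {
                // A bind failure is not a bad password; report it as such instead of
                // hiding it behind the credential message (this is exactly the
                // off-domain failure mode the original code made undiagnosable).
                return new AuthenticationResult("Directory server is unavailable.");
            }
            catch (Exception)
            {
                // Any other directory error is treated as a failed sign-in, as before.
                userPrincipal = null;
            }

            if (userPrincipal == null)
            {
                return new AuthenticationResult("Wrong Username or Password.");
            }
            if (userPrincipal.IsAccountLockedOut())
            {
                return new AuthenticationResult("Your account is locked.");
            }
            // Enabled is a bool?; an unknown state is not treated as disabled.
            if (userPrincipal.Enabled == false)
            {
                return new AuthenticationResult("Your account is disabled");
            }

            var identity = CreateIdentity(userPrincipal);
            // Drop any previous cookie so a sign-in never extends a stale session.
            authenticationManager.SignOut(MyAuthentication.ApplicationCookie);
            authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
            return new AuthenticationResult();
        }
        finally
        {
            // Both objects are IDisposable and hold directory connections; the original
            // never released them. The principal is disposed while its context is still
            // open, the context last.
            userPrincipal?.Dispose();
            principalContext?.Dispose();
        }
    }

    /// <summary>
    /// Builds the cookie identity for an authenticated directory user: name and
    /// name identifier from the SAM account name, plus the e-mail claim when the
    /// directory has an address for the user.
    /// </summary>
    /// <param name="userPrincipal">The user found by <see cref="SignIn"/>; its context must still be open.</param>
    /// <returns>A <see cref="ClaimsIdentity"/> for the application cookie scheme.</returns>
    private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
    {
        var identity = new ClaimsIdentity(MyAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
        identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Active Directory"));
        identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userPrincipal.SamAccountName));
        if (!String.IsNullOrEmpty(userPrincipal.EmailAddress))
        {
            identity.AddClaim(new Claim(ClaimTypes.Email, userPrincipal.EmailAddress));
        }
        // add your own claims if you need to add more information stored on the cookie
        return identity;
    }
}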
}
在我的 IIS 上，我启用了匿名身份验证和基本身份验证，其他身份验证方式全部处于禁用状态。
任何帮助都将不胜感激。
何