我需要使用MVC 5在我的应用程序中实现表单和Windows身份验证的混合模式身份验证
这意味着我需要在不使用ASP.NET成员资格提供程序的情况下实现Active Directory身份验证。
似乎您想将活动目录用户用作ASP.NET Identity用户。准备一个用于UserLogin信息的方法(用于添加到ASPNET Idenity)
private UserLoginInfo GetWindowsLoginInfo(string userId, string password)
{
string result = IsValidADUser(userId, password);
return result != "" ? new UserLoginInfo("Windows", result) : null;
}
并创建一种针对活动目录进行验证的方法
private string IsValidADUser(string userName, string password)
{
String adServerName = "LDAP://<<your LDAP String>>";
var sid = "";
try
{
var directoryEntry = new DirectoryEntry();
if (!string.IsNullOrEmpty(adServerName))
{
directoryEntry.Path = adServerName;
directoryEntry.Username = userName;
directoryEntry.Password = password;
directoryEntry.AuthenticationType = AuthenticationTypes.Secure;
}
else
{
throw new Exception("Invalid AD");
}
if (directoryEntry.NativeObject != null)
{
// Verify the user is locked or not
DirectorySearcher searcher = new DirectorySearcher(directoryEntry);
searcher.Filter = "(SAMAccountName=" + userName + ")";
searcher.CacheResults = false;
SearchResult result = searcher.FindOne();
if (result == null || result.Properties["lockoutTime"][0].ToString() != "0")
{
throw new Exception("User Account is locked");
}
else
{
var sidInBytes = (byte[])result.Properties["objectSid"][0];
sid = new SecurityIdentifier(sidInBytes, 0).ToString();
//isValidUser = true;
}
}
}
catch (Exception ex)
{
throw new Exception("AD:" + ex.Message);
}
return sid;
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句