使用ASP.NET无需用户名和密码即可获取Active Directory信息 [英] Get Active Directory Information with ASP.NET without username and password

问题描述

我正在尝试从ASP.NET Web应用程序获取本地网络上用户的Active Directory信息.该Web应用程序正在本地网络上的IIS上运行.

I am trying to get users' Active Directory information on the local network, from an ASP.NET Web Application. The Web Application is running on an IIS on the local network.

我想要的是:用户登录网站时，可以从Active Directory中看到其姓名，姓氏，用户名，电子邮件和图片.问题是，当他们进入他们的网站时，Web应用程序正在询问用户名和密码.用户在打开PC时已经输入了用户名和密码.因此，他们不需要再做一次.

What I want: When users log into the website, they can see their name, surname, username, email and picture from Active Directory. The problem is, when they enter their website, the web application is asking for username and password. Users have already entered their username and password when turning on their PCs. So they shouldn't need to do it again.

用户使用其用户名和密码登录PC. 我可以通过以下方式获取域和用户名:

Users login to PCs with their username and password. I can get domain and username with:

string adInfo = Request.ServerVariables["LOGON_USER"];

我还可以在测试System.DirectoryServices时在调试时在本地PC上获取Active Directory信息，但是当其他用户在本地尝试该Web应用程序时，将显示用户名和密码对话框.

Also I can get Active Directory info on my local PC on debug when testing System.DirectoryServices, but when other users try this web app in local, the username and password dialog appears.

我该如何做到使用户能够在不输入用户名和密码的情况下进入其网站?

How can I make it so that users are able to enter their website without entering their username and password?

我在这里尝试了所有示例，但是找不到任何解决方案.我想我错过了一些重要的事情.

I tried all samples here, but I can not find any solution. I think I am missing some important things.

推荐答案

您需要对网站使用 Windows 身份验证模式.

you need to use Windows authentication mode for your website.

<system.web>
    <authentication mode="Windows" />
    <authorization>
        <deny users="?" /> <!-- disable anonymous authentication -->
    </authorization>
</system.web>

...，然后在当前用户的上下文下使用LDAP查询以获取有关该用户的扩展信息:

... and then use LDAP query under current user's context to get extended information about the user:

using System.DirectoryServices;

using (var de = new DirectoryEntry("LDAP://DC=MYDOMAIN,DC=COM"))
using (var ds = new DirectorySearcher(de))
{
  ds.Filter = string.Format("(sAMAccountName={0})", HttpContext.Current.User.Identity.Name);
  ds.PropertiesToLoad.AddRange(new [] {
            "sn",  // last name
            "givenName",  // first name
            "mail",  // email
            "telephoneNumber",  // phone number
            // etc - add other properties you need
            });
  var res = ds.FindOne();

  foreach (string propName in res.Properties.PropertyNames)
  {
    ResultPropertyValueCollection valueCollection = res.Properties[propName];
    foreach (Object propertyValue in valueCollection)
    {
         Console.WriteLine("Property: " + propName + ": " + propertyValue.ToString());
    }
  }
}

这篇关于使用ASP.NET无需用户名和密码即可获取Active Directory信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！