基于邮件分发列表的Resticted Web访问。 [英] Resticted web access based on mail distribution list.

问题描述

是否有办法将托管网络项目的访问权限仅限于邮件分发列表（DL）中的特定人员。

Is there any way to restrict the access to the hosted web project only to a particular person those are in mail distribution list(DL).

这可以是在IIS中完成安全性。如果是，则需要设置所有内容。

Can this be done with security in IIS. if yes, what all need to be set.

或在C＃中检查是否在DL中，如果不是response.redirect到其他页面。

or in C# like check if in DL, if not response.redirect to other page.

 

推荐答案

以下内容是一种令人费解，丑陋，效率低下的方式....它运作得很好：


在web.config文件中 -

< pre>

< appSettings>

  < add key =" LDAPRoot" value =" LDAP：// OU = Users，OU = MyOU，OU = HigherOU，DC = One，DC = Two，DC = Three，DC = Four" / >


  < add key =" LDAPGRoot" value =" LDAP：// OU = Distribution 列表，OU = MyOU，OU = HigherOU，DC = One，DC = 2，DC = 3，DC = 4"/> ;


  < add key =" GoodDL" value =" SomeDistroList@email.addy.com " />

What follows is a convoluted, ugly, inefficient way of doing it....that works just fine:
In the web.config file -
<pre>
<appSettings>
  <add key="LDAPRoot" value="LDAP://OU=Users,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
  <add key="LDAPGRoot" value="LDAP://OU=Distribution Lists,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
  <add key="GoodDL" value="SomeDistroList@email.addy.com" />

< / appSettings>

< / pre>

</appSettings>
</pre>

在您的网页背后的代码中 -

In the code behind of your web page -

< pre>

使用System;

使用System.Collections.Generic;

使用System.DirectoryServices;

使用System.Collections;

使用System.Configuration;

<pre>
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Collections;
using System.Configuration;

命名空间WebApplication6

{

  public partial class _Default：System.Web.UI.Page

  {

namespace WebApplication6
{
  public partial class _Default : System.Web.UI.Page
  {

    public string GetUserEmail（string SAMAccountName，string LDAPRoot）

    {

     字符串电子邮件="";

    public string GetUserEmail(string SAMAccountName, string LDAPRoot)
    {
      string Email = "";

      DirectoryEntry searchRoot = new DirectoryEntry（LDAPRoot）;

      DirectoryEntry searchRoot = new DirectoryEntry(LDAPRoot);

     使用（searchRoot）

      {

        DirectorySearcher ds = new DirectorySearcher（

            searchRoot，

            "（sAMAccountName =" + SAMAccountName +"）"，

             new string [] {" sAMAccountName"}

            ）;

      using (searchRoot)
      {
        DirectorySearcher ds = new DirectorySearcher(
            searchRoot,
            "(sAMAccountName=" + SAMAccountName + ")",
            new string[] { "sAMAccountName" }
            );

        ds.SizeLimit = 1;

        ds.SizeLimit = 1;

        SearchResult sr = null;

        SearchResult sr = null;

       使用（SearchResultCollection src = ds.FindAll（））

        {

          if（src.Count> 0）

            sr = src [0];

        }

        using (SearchResultCollection src = ds.FindAll())
        {
          if (src.Count > 0)
            sr = src[0];
        }

        ds.Dispose（）;

        ds.Dispose();

        if（sr！= null）

        {

         电子邮件=（字符串）sr.GetDirectoryEntry（）。属性[" mail"]。值;

        }
      }
      searchRoot.Dispose（）;

     返回电子邮件;

    }

        if (sr != null)
        {
          Email = (string)sr.GetDirectoryEntry().Properties["mail"].Value;
        }
      }
      searchRoot.Dispose();
      return Email;
    }

    public string Whoami（）

    {

      string str，sIdx;

      int idx;

      str = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;

      idx = str.IndexOf（" \\"）;

      sIdx = idx.ToString（）;

      return str.Substring（idx + 1）;

    }

    public string Whoami()
    {
      string str, sIdx;
      int idx;
      str = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
      idx = str.IndexOf("\\");
      sIdx = idx.ToString();
      return str.Substring(idx + 1);
    }

    private string GetDN（string mail，string LDAPRoot）

    {

      string DN ="" ;;

      DirectoryEntry searchRoot = new DirectoryEntry（LDAPRoot）;

      DirectorySearcher search = new DirectorySearcher（searchRoot，"（mail =" + mail +"）"）;

    private string GetDN(string mail, string LDAPRoot)
    {
      string DN = "";
      DirectoryEntry searchRoot = new DirectoryEntry(LDAPRoot);
      DirectorySearcher search = new DirectorySearcher(searchRoot, "(mail=" + mail + ")");

      SearchResult sr = search.FindOne（）;

      searchRoot.Dispose（）;

      if（sr！= null）

       试试
        {

          DN = sr.Properties [" distinguishedName"] [0] .ToString（）;

        }
        catch {}

     返回DN;

    }

      SearchResult sr = search.FindOne();
      searchRoot.Dispose();
      if (sr != null)
        try
        {
          DN = sr.Properties["distinguishedName"][0].ToString();
        }
        catch { }
      return DN;
    }

   私人名单< string> GetGroup（字符串DN，字符串LDAPRoot）

    {

     列表与LT;串GT; MemberList = new List< string>（）;

    private List<string> GetGroup(string DN, string LDAPRoot)
    {
      List<string> MemberList = new List<string>();

      DirectoryEntry searchRoot = new DirectoryEntry（LDAPRoot）;

      DirectorySearcher search = new DirectorySearcher（searchRoot，"（distinguishedName =" + DN +"）"）;

      DirectoryEntry searchRoot = new DirectoryEntry(LDAPRoot);
      DirectorySearcher search = new DirectorySearcher(searchRoot, "(distinguishedName=" + DN + ")");

      SearchResult sr = search.FindOne（）;

      searchRoot.Dispose（）;

      if（sr！= null）

       试试
        {

          foreach（sr.Properties中的字符串[" memberOf"]）

            MemberList.Add（s）;

        }
        catch {}

      SearchResult sr = search.FindOne();
      searchRoot.Dispose();
      if (sr != null)
        try
        {
          foreach (String s in sr.Properties["memberOf"])
            MemberList.Add(s);
        }
        catch { }

      return MemberList;

    }

      return MemberList;
    }

    private string GetEmail（string DN，string LDAPRoot）

    {

     字符串电子邮件="" ;;

      DirectoryEntry searchRoot = new DirectoryEntry（LDAPRoot）;

      DirectorySearcher search = new DirectorySearcher（searchRoot，"（distinguishedName =" + DN +"）"）;

    private string GetEmail(string DN, string LDAPRoot)
    {
      string Email = "";
      DirectoryEntry searchRoot = new DirectoryEntry(LDAPRoot);
      DirectorySearcher search = new DirectorySearcher(searchRoot, "(distinguishedName=" + DN + ")");

      SearchResult sr = search.FindOne（）;

      searchRoot.Dispose（）;

      if（sr！= null）

       试试
        {

          Email = sr.Properties [" mail"] [0] .ToString（）;

        }
        catch {}

     返回电子邮件;

    }

      SearchResult sr = search.FindOne();
      searchRoot.Dispose();
      if (sr != null)
        try
        {
          Email = sr.Properties["mail"][0].ToString();
        }
        catch { }
      return Email;
    }

    public string AllMyEmails（string Email，string LDAPRoot，string LDAPGRoot）

    {

     列表与LT;串GT; GroupList = new List< string>（）;

     列表与LT;串GT; MemberList = new List< string>（）;

      ArrayList groupMemberships = new ArrayList（）;

      string DN = GetDN（Email，LDAPRoot）; //获取用户DN

      GroupList = GetGroup（DN，LDAPRoot）; //获取群组的DN

      foreach（GroupList中的字符串S）

      {

        string nEmail = GetEmail（S，LDAPGRoot）; //收到群组的电子邮件

        if（nEmail.Trim（）！=""）

          MemberList.Add（nEmail）;

      }
      MemberList.Add（电子邮件）;

      string InClause ="" ;;

      foreach（MemberList中的字符串E）

      {

        InClause + ="'" + E +"'，";
$
      }
      InClause ="（" + InClause.Remove（InClause.LastIndexOf（"，"））+"）" ;;

      return InClause; // MemberList;

    }

    public string AllMyEmails(string Email, string LDAPRoot, string LDAPGRoot)
    {
      List<string> GroupList = new List<string>();
      List<string> MemberList = new List<string>();
      ArrayList groupMemberships = new ArrayList();
      string DN = GetDN(Email, LDAPRoot);//get user DN
      GroupList = GetGroup(DN, LDAPRoot);//get DN of groups
      foreach (string S in GroupList)
      {
        string nEmail = GetEmail(S, LDAPGRoot);//get email of group
        if (nEmail.Trim() != "")
          MemberList.Add(nEmail);
      }
      MemberList.Add(Email);
      string InClause = "";
      foreach (string E in MemberList)
      {
        InClause += "'" + E + "', ";
      }
      InClause = "(" + InClause.Remove(InClause.LastIndexOf(", ")) + ")";
      return InClause;// MemberList;
    }

    protected void Page_Load（object sender，EventArgs e）

    {

     字符串SAMAccountName = Whoami（）;

      string LDAPRoot = ConfigurationManager.AppSettings [" LDAPRoot"]。ToString（）;

      string LDAPGRoot = ConfigurationManager.AppSettings [" LDAPGRoot"]。ToString（）;

     字符串MyEmail = GetUserEmail（SAMAccountName，LDAPRoot）;

     字符串MyEmails = AllMyEmails（MyEmail，LDAPRoot，LDAPGRoot）;

    protected void Page_Load(object sender, EventArgs e)
    {
      string SAMAccountName = Whoami();
      string LDAPRoot = ConfigurationManager.AppSettings["LDAPRoot"].ToString();
      string LDAPGRoot = ConfigurationManager.AppSettings["LDAPGRoot"].ToString();
      string MyEmail = GetUserEmail(SAMAccountName, LDAPRoot);
      string MyEmails = AllMyEmails(MyEmail, LDAPRoot, LDAPGRoot);

      string AuthorizedDL = ConfigurationManager.AppSettings [" GoodDL"]。ToString（）;

      string AuthorizedDL = ConfigurationManager.AppSettings["GoodDL"].ToString();

      if（！MyEmails.Contains（AuthorizedDL））

      {

        Response.Redirect（" http://www.google.com "，true）;

  ;&NBSP;&NBSP;&NBSP;&NBSP; }
      / *

       *做你通常在这里做的任何事情

       * / b
    }¥b $ b  }
}

< / pre>

      if (!MyEmails.Contains(AuthorizedDL))
      {
        Response.Redirect("http://www.google.com", true);
      }
      /*
       * do whatever you would normally do here
       */
    }
  }
}
</pre>

"AllMyEmails""函数返回一个字符串短语，用于SQL"IN"中。但是也适用于此。

The "AllMyEmails" function returns a string phrase for use in an SQL "IN" clause, but works just fine for this, too.

显然，所有的组检查功能都可以而且应该放在一个单独的类中。

Obviously, all the group-checking functions can and should be put in a separate class.

这篇关于基于邮件分发列表的Resticted Web访问。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！