基于邮件分发列表的Restricted Web访问。 [英] Restricted web access based on mail distribution list.
问题描述
是否有办法将托管网络项目的访问权限仅限于邮件分发列表(DL)中的特定人员。
Is there any way to restrict access to the hosted web project to only the particular people who are in a mail distribution list (DL)?
这可以是在IIS中完成安全性。如果是,则需要设置所有内容。
Can this be done with the security settings in IIS? If yes, what needs to be set?
或在C#中检查是否在DL中,如果不是response.redirect到其他页面。
Or in C#, for example: check whether the user is in the DL and, if not, Response.Redirect to another page?
推荐答案
以下内容是一种令人费解,丑陋,效率低下的方式....它运作得很好:
在web.config文件中 -
<pre>
<appSettings>
<add key="LDAPRoot" value="LDAP://OU=Users,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
<add key="LDAPGRoot" value="LDAP://OU=Distribution Lists,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
<add key="GoodDL" value="SomeDistroList@email.addy.com" />
</appSettings>
</pre>
What follows is a convoluted, ugly, inefficient way of doing it....that works just fine:
In the web.config file -
<pre>
<appSettings>
<add key="LDAPRoot" value="LDAP://OU=Users,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
<add key="LDAPGRoot" value="LDAP://OU=Distribution Lists,OU=MyOU,OU=HigherOU,DC=One,DC=Two,DC=Three,DC=Four"/>
<add key="GoodDL" value="SomeDistroList@email.addy.com" />
</appSettings>
</pre>
在您的网页背后的代码中 -
In the code behind of your web page -
<pre>
using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.DirectoryServices;
using System.Text;
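namespace WebApplication6
{
    /// <summary>
    /// Page that admits only callers who belong to the mail distribution list named by the
    /// "GoodDL" app setting; every other caller is redirected away in <see cref="Page_Load"/>.
    /// </summary>
    /// <remarks>
    /// The membership check runs in this page's Page_Load only, so it does not protect any
    /// other page of the site. Whoami() trusts Request.LogonUserIdentity.
    /// NOTE(review): that identity is presumably the caller's own account only when IIS
    /// authenticates users (Windows authentication on, anonymous access off) - confirm.
    /// </remarks>
    public partial class _Default : System.Web.UI.Page
    {
        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that
        /// characters such as '*', '(' , ')' and '\' are matched literally instead of
        /// changing the meaning of the filter.
        /// </summary>
        /// <param name="value">Raw attribute value; null is treated as empty.</param>
        /// <returns>The escaped value.</returns>
        private static string EscapeLdapFilterValue(string value)
        {
            if (value == null)
            {
                return "";
            }

            StringBuilder escaped = new StringBuilder(value.Length);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': escaped.Append("\\5c"); break;
                    case '*': escaped.Append("\\2a"); break;
                    case '(': escaped.Append("\\28"); break;
                    case ')': escaped.Append("\\29"); break;
                    case '\0': escaped.Append("\\00"); break;
                    default: escaped.Append(c); break;
                }
            }
            return escaped.ToString();
        }

        /// <summary>
        /// Finds the first entry under <paramref name="ldapRoot"/> whose
        /// <paramref name="attribute"/> equals <paramref name="value"/> and returns the
        /// first value of <paramref name="propertyToRead"/>.
        /// </summary>
        /// <returns>The value as a string, or "" when nothing matches or the property is absent.</returns>
        private static string FindFirstValue(string ldapRoot, string attribute, string value, string propertyToRead)
        {
            // An empty value would produce a filter such as "(mail=)", so stop early.
            if (string.IsNullOrEmpty(value))
            {
                return "";
            }

            string filter = "(" + attribute + "=" + EscapeLdapFilterValue(value) + ")";
            using (DirectoryEntry searchRoot = new DirectoryEntry(ldapRoot))
            using (DirectorySearcher search = new DirectorySearcher(searchRoot, filter, new string[] { propertyToRead }))
            {
                search.SizeLimit = 1;
                SearchResult sr = search.FindOne();
                if (sr == null)
                {
                    return "";
                }

                ResultPropertyValueCollection values = sr.Properties[propertyToRead];
                if (values == null || values.Count == 0 || values[0] == null)
                {
                    return "";
                }
                return values[0].ToString();
            }
        }

        /// <summary>Returns the "mail" attribute of the account with the given sAMAccountName.</summary>
        /// <param name="SAMAccountName">Account name without the domain prefix.</param>
        /// <param name="LDAPRoot">LDAP path of the container that holds the user accounts.</param>
        /// <returns>The e-mail address, or "" when the account or its mail attribute is not found.</returns>
        public string GetUserEmail(string SAMAccountName, string LDAPRoot)
        {
            return FindFirstValue(LDAPRoot, "sAMAccountName", SAMAccountName, "mail");
        }

        /// <summary>
        /// Returns the logon name of the current request's identity with everything up to
        /// and including the first backslash (the domain prefix) removed.
        /// </summary>
        public string Whoami()
        {
            string logonName = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
            // IndexOf returns -1 when there is no backslash, so Substring(0) keeps the whole name.
            int separator = logonName.IndexOf("\\", StringComparison.Ordinal);
            return logonName.Substring(separator + 1);
        }

        /// <summary>Returns the distinguishedName of the entry whose mail attribute equals <paramref name="mail"/>.</summary>
        /// <returns>The DN, or "" when no entry matches.</returns>
        private string GetDN(string mail, string LDAPRoot)
        {
            return FindFirstValue(LDAPRoot, "mail", mail, "distinguishedName");
        }

        /// <summary>
        /// Returns the distinguished names listed in the memberOf attribute of the entry
        /// identified by <paramref name="DN"/>.
        /// </summary>
        /// <remarks>
        /// Only the entry's own memberOf values are read; lists nested inside other lists
        /// are not expanded here.
        /// </remarks>
        /// <returns>The group DNs; empty when the entry is not found or has no memberships.</returns>
        private List<string> GetGroup(string DN, string LDAPRoot)
        {
            List<string> MemberList = new List<string>();
            if (string.IsNullOrEmpty(DN))
            {
                return MemberList;
            }

            // DNs routinely contain '\' (escaped commas) and may contain parentheses, so the
            // value must be escaped before it goes into the filter.
            string filter = "(distinguishedName=" + EscapeLdapFilterValue(DN) + ")";
            using (DirectoryEntry searchRoot = new DirectoryEntry(LDAPRoot))
            using (DirectorySearcher search = new DirectorySearcher(searchRoot, filter, new string[] { "memberOf" }))
            {
                SearchResult sr = search.FindOne();
                if (sr != null)
                {
                    ResultPropertyValueCollection groups = sr.Properties["memberOf"];
                    if (groups != null)
                    {
                        foreach (object groupDn in groups)
                        {
                            if (groupDn != null)
                            {
                                MemberList.Add(groupDn.ToString());
                            }
                        }
                    }
                }
            }
            return MemberList;
        }

        /// <summary>Returns the mail attribute of the entry identified by <paramref name="DN"/>.</summary>
        /// <returns>The e-mail address, or "" when the entry or its mail attribute is not found.</returns>
        private string GetEmail(string DN, string LDAPRoot)
        {
            return FindFirstValue(LDAPRoot, "distinguishedName", DN, "mail");
        }

        /// <summary>
        /// Collects the e-mail addresses of every group the user is a direct member of,
        /// followed by the user's own address.
        /// </summary>
        private List<string> CollectEmails(string Email, string LDAPRoot, string LDAPGRoot)
        {
            List<string> addresses = new List<string>();
            string userDn = GetDN(Email, LDAPRoot);
            foreach (string groupDn in GetGroup(userDn, LDAPRoot))
            {
                string groupEmail = GetEmail(groupDn, LDAPGRoot);
                if (groupEmail.Trim() != "")
                {
                    addresses.Add(groupEmail);
                }
            }
            addresses.Add(Email);
            return addresses;
        }

        /// <summary>
        /// Returns the user's own address and the addresses of the user's groups formatted
        /// as an SQL "IN" list, e.g. <c>('list@example.com', 'user@example.com')</c>.
        /// </summary>
        /// <remarks>
        /// Single quotes inside an address are doubled so a directory value cannot close the
        /// SQL string literal. Query parameters remain the safer way to pass these values.
        /// </remarks>
        public string AllMyEmails(string Email, string LDAPRoot, string LDAPGRoot)
        {
            List<string> quoted = new List<string>();
            foreach (string address in CollectEmails(Email, LDAPRoot, LDAPGRoot))
            {
                quoted.Add("'" + (address ?? "").Replace("'", "''") + "'");
            }
            return "(" + string.Join(", ", quoted.ToArray()) + ")";
        }

        /// <summary>
        /// Redirects the caller away unless one of their addresses is exactly the
        /// distribution list configured under "GoodDL".
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            string LDAPRoot = ConfigurationManager.AppSettings["LDAPRoot"];
            string LDAPGRoot = ConfigurationManager.AppSettings["LDAPGRoot"];
            string AuthorizedDL = ConfigurationManager.AppSettings["GoodDL"];

            // Fail closed: a missing setting or an unknown user leaves authorized == false.
            bool authorized = false;
            bool configured = !string.IsNullOrEmpty(LDAPRoot)
                && !string.IsNullOrEmpty(LDAPGRoot)
                && AuthorizedDL != null
                && AuthorizedDL.Trim().Length > 0;

            if (configured)
            {
                string MyEmail = GetUserEmail(Whoami(), LDAPRoot);
                if (MyEmail.Length > 0)
                {
                    // Compare whole addresses. A substring test on the joined string would
                    // also accept any address that merely ends with the authorized one.
                    foreach (string address in CollectEmails(MyEmail, LDAPRoot, LDAPGRoot))
                    {
                        if (string.Equals(address.Trim(), AuthorizedDL.Trim(), StringComparison.OrdinalIgnoreCase))
                        {
                            authorized = true;
                            break;
                        }
                    }
                }
            }

            if (!authorized)
            {
                // endResponse = true stops page processing, so nothing below runs.
                Response.Redirect("http://www.google.com", true);
            }

            /*
             * do whatever you would normally do here
             */
        }
    }
}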
</pre>
"AllMyEmails"函数返回一个用于SQL "IN"子句的字符串短语,但在这里也同样适用。
The "AllMyEmails" function returns a string phrase for use in an SQL "IN" clause, but works just fine for this, too.
显然,所有的组检查功能都可以而且应该放在一个单独的类中。
Obviously, all the group-checking functions can and should be put in a separate class.