使用 ASP.NET 获取 Active Directory 信息，无需用户名和密码 [英] Get Active Directory Information with ASP.NET without username and password

问题描述

我正在尝试从 ASP.NET Web 应用程序获取本地网络上用户的 Active Directory 信息.Web 应用程序在本地网络上的 IIS 上运行.

I am trying to get users' Active Directory information on the local network, from an ASP.NET Web Application. The Web Application is running on an IIS on the local network.

我想要的:当用户登录网站时，他们可以从 Active Directory 中看到他们的姓名、姓氏、用户名、电子邮件和图片.问题是，当他们进入他们的网站时，Web 应用程序要求输入用户名和密码.用户在打开 PC 时已经输入了用户名和密码.所以他们不应该再这样做了.

What I want: When users log into the website, they can see their name, surname, username, email and picture from Active Directory. The problem is, when they enter their website, the web application is asking for username and password. Users have already entered their username and password when turning on their PCs. So they shouldn't need to do it again.

用户使用其用户名和密码登录 PC.我可以通过以下方式获取域和用户名:

Users login to PCs with their username and password. I can get domain and username with:

string adInfo = Request.ServerVariables["LOGON_USER"];

在测试 System.DirectoryServices 时，我还可以在调试时在本地 PC 上获取 Active Directory 信息，但是当其他用户在本地尝试此 Web 应用程序时，会出现用户名和密码对话框.

Also I can get Active Directory info on my local PC on debug when testing System.DirectoryServices, but when other users try this web app in local, the username and password dialog appears.

我怎样才能让用户无需输入用户名和密码就可以进入他们的网站?

How can I make it so that users are able to enter their website without entering their username and password?

我在这里尝试了所有示例，但找不到任何解决方案.我想我错过了一些重要的事情.

I tried all samples here, but I can not find any solution. I think I am missing some important things.

推荐答案

您需要为您的网站使用 Windows 身份验证模式.

you need to use Windows authentication mode for your website.

<system.web>
    <authentication mode="Windows" />
    <authorization>
        <deny users="?" /> <!-- disable anonymous authentication -->
    </authorization>
</system.web>

...然后在当前用户的上下文中使用 LDAP 查询来获取有关用户的扩展信息:

... and then use LDAP query under current user's context to get extended information about the user:

using System.DirectoryServices;

using (var de = new DirectoryEntry("LDAP://DC=MYDOMAIN,DC=COM"))
using (var ds = new DirectorySearcher(de))
{
  ds.Filter = string.Format("(sAMAccountName={0})", HttpContext.Current.User.Identity.Name);
  ds.PropertiesToLoad.AddRange(new [] {
            "sn",  // last name
            "givenName",  // first name
            "mail",  // email
            "telephoneNumber",  // phone number
            // etc - add other properties you need
            });
  var res = ds.FindOne();

  foreach (string propName in res.Properties.PropertyNames)
  {
    ResultPropertyValueCollection valueCollection = res.Properties[propName];
    foreach (Object propertyValue in valueCollection)
    {
         Console.WriteLine("Property: " + propName + ": " + propertyValue.ToString());
    }
  }
}

这篇关于使用 ASP.NET 获取 Active Directory 信息，无需用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！