验证对Active Directory中的用户? [英] Authenticate against a user in active directory?
问题描述
我有一个Web应用程序在那里我有一个登录page.How做我验证对Active Directory用户?
截至目前,我能够从活动目录中,其中得出结论我能够与AD与LDAP string.I沟通知道它不可能提取AD密码和验证对用户输入的密码,获得一些属性!。
有没有一种方法,我可以对Active Directory用户进行身份验证?
下面是我的code到目前为止
公共类的UserDetails
{
公共静态字符串ADPath = ConfigurationManager.AppSettings.Get(ADPath); //从web配置FIEL的ADAM路径
公共静态字符串ADUser便有= ConfigurationManager.AppSettings.Get(ADUser便有); // ADAM管理员
公共静态字符串ADPassword = ConfigurationManager.AppSettings.Get(ADPassword); // ADAM管理员密码
公共静态的DirectoryEntry GetUserDetails(字符串用户ID)
{
AuthenticationTypes使用authTypes; //认证标志。
//设置身份验证标志。
//对于非安全连接,使用LDAP端口和
// ADS_USE_SIGNING |
// ADS_USE_SEALING |
// ADS_SECURE_AUTHENTICATION
//对于安全连接,使用SSL端口和
// ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
使用authTypes = AuthenticationTypes.Signing |
AuthenticationTypes.Sealing |
AuthenticationTypes.Secure;
的DirectoryEntry DE =新的DirectoryEntry(ADPath,ADUser便有ADPassword,使用authTypes);
DirectorySearcher从DS =新DirectorySearcher从(德);
信息搜索结果锶;
Ds.SearchScope = SearchScope.Subtree;
Ds.Filter =(及(对象类= *)(CN =+用户ID +));
锶= Ds.FindOne();
如果(!(锶== NULL))
{
DE =新的DirectoryEntry(Sr.Path,ADUser便有ADPassword,使用authTypes);
返回德;
}
其他
{
返回null;
}
}
如果你要对AD只认证,不具备执行其他AD-具体操作,你为什么不坚持使用内置 ActiveDirectoryMembershipProvider
,而不是写一个自定义的code?
请看看:
<一个href="http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx
I do have a web application where i have a login page.How do i authenticate against the active directory users ?
As of now i am able to get some properties from the active directory,which concludes i am able to communicate with AD with LDAP string.I know its not possible to extract password from AD and authenticate against user entered password !!.
Is there a way i can authenticate against the active directory users ?
Here is my code so far
public class Userdetails
{
public static string ADPath = ConfigurationManager.AppSettings.Get("ADPath"); // Get the ADAM Path from web config fiel
public static string ADUser = ConfigurationManager.AppSettings.Get("ADUser"); //ADAM Administrator
public static string ADPassword = ConfigurationManager.AppSettings.Get("ADPassword"); //ADAM Administrator password
public static DirectoryEntry GetUserDetails(string userID)
{
AuthenticationTypes AuthTypes; // Authentication flags.
// Set authentication flags.
// For non-secure connection, use LDAP port and
// ADS_USE_SIGNING |
// ADS_USE_SEALING |
// ADS_SECURE_AUTHENTICATION
// For secure connection, use SSL port and
// ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
AuthTypes = AuthenticationTypes.Signing |
AuthenticationTypes.Sealing |
AuthenticationTypes.Secure;
DirectoryEntry De = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthTypes);
DirectorySearcher Ds = new DirectorySearcher(De);
SearchResult Sr;
Ds.SearchScope = SearchScope.Subtree;
Ds.Filter = "(&(objectclass=*)(cn= " + userID + "))";
Sr = Ds.FindOne();
if (!(Sr == null))
{
De = new DirectoryEntry(Sr.Path, ADUser, ADPassword, AuthTypes);
return De;
}
else
{
return null;
}
}
If you are going to only authenticate against the AD and do not have to perform other AD-specific operations, why don't you stick with the built-in ActiveDirectoryMembershipProvider
instead of writing a custom code?
Please take a look:
http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx
这篇关于验证对Active Directory中的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!