
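Currently I have a method to check whether a user is authenticated, but I want my ASP.net application to implement ActiveDirectory authentication using the default login.

My current method: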

    using System;
    using System.DirectoryServices;

    public bool IsAuthenticated(string user, string pass)
    {
        bool authenticated = false;
        string path = "LDAP://my path here";
        // Bind to the directory with the credentials the user supplied.
        DirectoryEntry adsEntry = new DirectoryEntry(path);
        adsEntry.AuthenticationType = AuthenticationTypes.Secure;
        adsEntry.Username = user;
        adsEntry.Password = pass;
        DirectorySearcher adsSearcher = new DirectorySearcher(adsEntry);
        adsSearcher.Filter = "(sAMAccountName=" + user + ")";

        try
        {
            // FindOne() forces the bind; it throws if the credentials are rejected.
            SearchResult adsSearchResult = adsSearcher.FindOne();
            authenticated = true;
            adsEntry.Close();
        }
        catch (Exception ex)
        {
            // Failed to authenticate. Most likely it is caused by unknown user
            // id or bad strPassword.
            //strError = ex.Message;
            adsEntry.Close();
        }

        return authenticated;
    }

Trying to implement the login functionality in web.config, I wrote the following:

    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add
          name="MembershipADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
        />
      </providers>
    </membership>

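It seems to be connecting to the LDAP server, because it throws a "Bad username or password" validation error. On the other hand, I'm not sure whether it is even connecting to the server, because that server blocks the user on every other application after 3 incorrect authentication attempts, and that is not happening. I'm not sure whether I have to add the connectionUsername and connectionPassword attributes to web.config, or let the Login command fill them in with each user's username/password at login. Any help would be appreciated.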


1 Answer


I'm using the same type of setup, and the only difference I can see from the code in your configuration is that I added the attributeMapUsername attribute.

    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add name="MembershipADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             attributeMapUsername="sAMAccountName"
        />
      </providers>
    </membership>

In the code-behind, I just check validation through the membership provider, as shown below.

    // Connect to the proper membership provider based on the domain name entered by the user.
    MembershipProvider provider = Membership.Providers["MembershipADProvider"];

    // Check if the domain provider exists.
    if ( provider != null )
    {
        // Validate the user based on the credentials they entered.
        if ( provider.ValidateUser( username, password ) )
        {
            // Authenticate the user and redirect them to the return URL.
            FormsAuthentication.SetAuthCookie( username, false );
            Response.Redirect( returnUrl );
        }
    }
answered 2012-07-31T16:01:40.397
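
A hardened variant of the two code paths on this page, as an added example that is not part of the question or the answer: it escapes the user name before it goes into the question's sAMAccountName filter (RFC 4515) and, after ValidateUser succeeds, redirects only to a site-relative returnUrl. AdLoginHelper and its method names are hypothetical; the provider name is the one from the posted web.config.

```csharp
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper class; the names are illustrative, not from the posts.
public static class AdLoginHelper
{
    // Build the question's search filter with the user name escaped per
    // RFC 4515, so characters such as * ( ) \ cannot change the filter.
    public static string BuildAccountFilter(string user)
    {
        StringBuilder sb = new StringBuilder("(sAMAccountName=");
        foreach (char c in user)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.Append(')').ToString();
    }

    // Accept only site-relative URLs ("/path"); reject absolute and
    // protocol-relative ones ("//host", "/\host").
    public static bool IsLocalUrl(string url)
    {
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }

    // Validate against the AD provider, then issue the forms-auth cookie.
    public static bool SignIn(HttpResponse response, string username,
                              string password, string returnUrl)
    {
        MembershipProvider provider = Membership.Providers["MembershipADProvider"];
        if (provider == null || !provider.ValidateUser(username, password))
            return false; // caller shows one generic failure message
        FormsAuthentication.SetAuthCookie(username, false);
        // endResponse = false: no thread abort, so the method returns normally.
        response.Redirect(IsLocalUrl(returnUrl) ? returnUrl
                                                : FormsAuthentication.DefaultUrl, false);
        return true;
    }
}
```

In the question's method the filter line would become `adsSearcher.Filter = AdLoginHelper.BuildAccountFilter(user);`.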