-1

我有一个项目,我需要使用活动目录登录到用 asp.net 制作的网站,我按照本教程....

来自 ASP .NET 的 Active Directory 身份验证

现在我想获取用户组,我尝试了 default.aspx.vb 页面中的下一个代码,但不起作用..

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name))

    Dim id As FormsIdentity = CType(User.Identity, FormsIdentity)

    If id IsNot Nothing Then

        Dim ticket As FormsAuthenticationTicket = id.Ticket
        Response.Write("<p/>TicketName: " + ticket.Name)
        Response.Write("<br/>Cookie Path: " + ticket.CookiePath)
        Response.Write("<br/>Ticket Expiration: " + ticket.Expiration.ToString())
        Response.Write("<br/>Expired: " + ticket.Expired.ToString())
        Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString())
        Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString())
        Response.Write("<br/>UserData: " + ticket.UserData)
        Response.Write("<br/>Version: " + ticket.Version.ToString())
    End If
End Sub
4

2 回答 2

2

我找到了一个更好的解决方案,比我在互联网上找到的任何答案都更容易。

首先,我创建一个类来验证用户是否在活动目录中的组中:

Imports System.Security.Principal   

Public Class AutorizationFun
    Dim access As Boolean = False
    Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
    Public User As WindowsPrincipal = New WindowsPrincipal(id)

区域“组验证”

'Belongs to sample group
Private Function inSampleGroup() As Boolean
    Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP")
End Function
Private Function inSampleGroup2() As Boolean
    Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP2")
End Function

结束区域

Public Function ProgramsAccsess(ByVal vPage As String) As Boolean
    access = False

    Select Case vPage
        Case "~/Sample.aspx"
            If inSampleGroup() Then
                access = True
            End If
        '---------------------------------------------------------------------
    End Select
    '*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
    'access = True
    '*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
    Return access
End Function   

End Class

然后你必须在所有页面后面的代码中创建一个函数:

'create var
    Dim ValidateUser As New AutorizationFun

    Protected Sub VerifyAccessPage()
        If ValidateUser.ProgramsAccsess(Request.AppRelativeCurrentExecutionFilePath) = False Then
            Response.Redirect("~/DeniedAccess.aspx")
        End If
    End Sub

并完成必须使用 Page_load 事件中的函数:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'check whether page is postback or not            
        If Not Page.IsPostBack Then
            VerifyAccessPage()
        End If
    End Sub
于 2012-11-22T21:30:22.110 回答
0

如果您的服务器在 Windows 域中,它应该连接到 Active Directory,因此通过使用 Windows 身份验证,您已经使用 AD 凭据登录(因为用户之前必须在域中,否则浏览器将要求提供 AD 凭据)

要获取用户组,您可以使用DirectorySearcher类,显然当您

于 2012-11-16T19:25:57.787 回答