1

在我的 MVC5 应用程序中,我曾经通过仅检查用户是否存在于Active Directory. 现在,我想使用另一种类似的方法:我将usernameand发送passwordactive directory,如果用户存在于其中,它应该返回一些active directory信息,即用户的Name, Surname, Department。那么,如何在Controller和中定义这种身份验证web.config

网络配置:

<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" />
    <authentication mode="Forms">
      <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" />
    </authentication>
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="myadmin@company" connectionPassword="MyPassword" />
      </providers>
    </membership>
  </system.web>
  <connectionStrings>
    <!-- for LDAP -->
    <add name="ADConnectionString" connectionString="LDAP://adadfaf.my.company:111/DC=my,DC=company" />
  </connectionStrings>
</configuration>


控制器:

[AllowAnonymous]
[ValidateAntiForgeryToken]
[HttpPost]
public ActionResult Login(User model, string returnUrl)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }       

    //At here I need to retrieve some user data from Active Directory instead of hust a boolean result
    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        //On the other hand I am not sure if this cookie lines are enough or not. Should I add some additional lines?
        FormsAuthentication.SetAuthCookie(model.UserName, false); 
        if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
        {
            return this.Redirect(returnUrl);
        }
        return this.RedirectToAction("Index", "Issue");
    }

    TempData["message"] = "The user name or password provided is incorrect.";
    return this.View(model);
}
4

1 回答 1

0

我所做的是创建一个类“会话用户”,其中包含用户 ID、登录名并能够验证用户凭据。

在本课程中,您还必须放置/调用方法/属性以获取部门、姓氏等...

public class SesssionUser
{
    [Key]
    [Required]
    public int UserId { get; set; }
    [Required]
    public string LoginName { get; set; }
    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }


    private Boolean IsAuth{ get; set; }
    public string Department
    { 
        get { 
        return GetDepartment();
        }
    }

    private string GetDepartment()
    {
        if(!IsAuth) { return null; }
        //Gets the department.
    }

    private bool Authenticate(string userName,string password, string domain)
    {
        bool authentic = false;
        try
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,
            userName, password);
            object nativeObject = entry.NativeObject;
            authentic = true;
        }
            catch (DirectoryServicesCOMException) { }
            return authentic;
     }

    /// <summary>
    /// Validates the user in the AD
    /// </summary>
    /// <returns>true if the credentials are correct else false</returns>
    public Boolean ValidateUser()
    {
        IsAuth = Authenticate(LoginName,Password,"<YourDomain>");
        return IsAuth;
    }
}

下一步是创建一个控制器,在我的例子中是“AccountController”,它处理用户的登录和注销。它使用 FormsAuthentication 来设置身份验证。饼干。

using System;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using System.Web.Security;

using MVCErrorLog.Models;

//My class
using Admin.ActiveDirectoryHelper.Objects;

using MVCErrorLog.ViewModels;

namespace MVCErrorLog.Controllers
{

    public class AccountController : Controller
    {
        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(string username, string pw)
        {
            if (!ModelState.IsValid) { return RedirectToAction("Index", "Home"); }

            var sessionUser = new SesssionUser();
            sessionUser.LoginName = username;
            sessionUser.Password = pw;
            sessionUser.UserId = 1;

            if (!sessionUser.ValidateUser()) { return View("Login"); }
            FormsAuthentication.SetAuthCookie(sessionUser.LoginName, true);
            return RedirectToAction("Index", "ErrorLogs");
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            return RedirectToAction("Index", "ErrorLogs");
        }


        private SesssionUser SetupFormsAuthTicket(SesssionUser user, bool persistanceFlag)
        {
            var userData = user.UserId.ToString(CultureInfo.InvariantCulture);
            var authTicket = new FormsAuthenticationTicket(1, //version
                                user.LoginName, // user name
                                DateTime.Now,             //creation
                                DateTime.Now.AddMinutes(30), //Expiration
                                persistanceFlag, //Persistent
                                userData);

            var encTicket = FormsAuthentication.Encrypt(authTicket);
            Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
            return user;
        }


        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {

            }

            base.Dispose(disposing);
        }
    }
}

最后一步是配置conf。文件以使用身份验证。模式形式

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="1440" /> <!--1440min = 24hours-->
</authentication>

现在你只需要在视图中调用 Login 并传递参数就可以了。

于 2015-09-17T07:12:11.733 回答