2011-10-31 87 views
3

I have a web application with a login page. How do I authenticate Active Directory users, i.e. authenticate against the users in Active Directory?

So far I have been able to get some attributes from Active Directory, so I conclude that I am able to talk to AD with an LDAP string. I know it is not possible to pull the password out of AD and check it against the password the user entered!

Is there a way to authenticate Active Directory users?

Here is the code I have so far:

    using System.Configuration;
    using System.DirectoryServices;

    public class Userdetails
    {
        public static string ADPath = ConfigurationManager.AppSettings.Get("ADPath");         // Get the ADAM path from web.config
        public static string ADUser = ConfigurationManager.AppSettings.Get("ADUser");         // ADAM administrator
        public static string ADPassword = ConfigurationManager.AppSettings.Get("ADPassword"); // ADAM administrator password

        public static DirectoryEntry GetUserDetails(string userID)
        {
            AuthenticationTypes AuthTypes; // Authentication flags.
            // Set authentication flags.
            // For non-secure connection, use LDAP port and
            // ADS_USE_SIGNING |
            // ADS_USE_SEALING |
            // ADS_SECURE_AUTHENTICATION
            // For secure connection, use SSL port and
            // ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
            AuthTypes = AuthenticationTypes.Signing |
                        AuthenticationTypes.Sealing |
                        AuthenticationTypes.Secure;
            DirectoryEntry De = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthTypes);
            DirectorySearcher Ds = new DirectorySearcher(De);
            SearchResult Sr;
            Ds.SearchScope = SearchScope.Subtree;
            // Note: userID comes from the login form and is placed in the filter unescaped;
            // it should be escaped per RFC 4515 before being used here.
            Ds.Filter = "(&(objectclass=*)(cn=" + userID + "))";
            Sr = Ds.FindOne();
            if (!(Sr == null))
            {
                De = new DirectoryEntry(Sr.Path, ADUser, ADPassword, AuthTypes);
                return De;
            }
            else
            {
                return null;
            }
        }
    }
+0

The Active Directory server will be able to receive a username and password and tell you whether the password is correct or not, without reversible passwords being enabled. So it should be possible. – jishi

+0

What version of C# are you using? – chilltemp

+0

我正在使用C#3.5 – Macnique

Answers

7

http://msdn.microsoft.com/en-us/library/bb299745.aspx

http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.aspx

http://msdn.microsoft.com/en-us/magazine/cc135979.aspx

    using System.Diagnostics;
    using System.DirectoryServices.AccountManagement;

    public bool Validate(string username, string password)
    {
        // ex PrincipalContext principalContext = new PrincipalContext(ContextType.ApplicationDirectory,"sea-dc-02.fabrikam.com:50001","ou=ADAM Users,o=microsoft,c=us",ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind,"CN=administrator,OU=ADAM Users,O=Microsoft,C=US","[email protected]");

        try
        {
            using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Configuration.Config.ActiveDirectory.PrimaryServer, Configuration.Config.ActiveDirectory.Container, ContextOptions.Negotiate))
            {
                // Binds to the domain as the given user; true only if AD accepts the credentials.
                return principalContext.ValidateCredentials(username, password);
            }
        }
        catch (PrincipalServerDownException)
        {
            Debug.WriteLine("PrimaryServer={0};Container={1}", Configuration.Config.ActiveDirectory.PrimaryServer, Configuration.Config.ActiveDirectory.Container);
            Debug.WriteLine("LDAP://{0}/{1}", Configuration.Config.ActiveDirectory.PrimaryServer, Configuration.Config.ActiveDirectory.Container);
            throw;
        }
    }
+0

Where did you find 'Configuration.Config.ActiveDirectory.PrimaryServer' and 'Configuration.Config.ActiveDirectory.Container'? – ja72

+0

Sorry, that is my own code setup which I forgot to take out. They are constants/variables holding the server and container names; the sample has demo values – Brian

1

Creating a new DirectoryEntry with the password and using it with a DirectorySearcher will validate the password, throwing an exception if it fails. One important exception is an empty/null password. Most LDAP servers (I believe AD included) ignore the password parameter when it is null or empty. So you should test for that first.

Old MSDN sample
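As an added example (not code from the question or from either answer), here is the bind-based check this answer describes, written out with the two safeguards the thread raises: an empty password is rejected before any bind is attempted, and the user name is escaped before it goes into an LDAP filter. The LDAP path is a placeholder supplied by the caller.

```csharp
using System.DirectoryServices;
using System.Text;

// Added example, not the question's or the answers' code. Authenticates a user by
// binding to the directory with the user's own credentials, as the answer above
// suggests, and fails closed on the empty-password case it warns about.
public static class AdAuthenticator
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter, so that
    // form input such as "*)(objectClass=*" cannot change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // ldapPath is a placeholder, e.g. "LDAP://dc.example.local/DC=example,DC=local".
    // Returns true only if the directory accepts the user's credentials and the
    // account can be found; every failure path returns false.
    public static bool ValidateByBind(string ldapPath, string samAccountName, string password)
    {
        // Guard first: a null/empty password makes many LDAP servers perform an
        // unauthenticated bind, which would otherwise look like a successful login.
        if (string.IsNullOrEmpty(samAccountName) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            var authTypes = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
            using (var entry = new DirectoryEntry(ldapPath, samAccountName, password, authTypes))
            using (var searcher = new DirectorySearcher(entry))
            {
                // Running the search forces the bind; rejected credentials throw.
                searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
                searcher.SearchScope = SearchScope.Subtree;
                return searcher.FindOne() != null;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            return false; // bad credentials or a locked/disabled account; log server-side, do not echo details to the user
        }
    }
}
```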
