How to determine why Integrated Windows Authentication is failing in ASP.NET

Posted on 2024-08-16 09:13:05 · 323 words · 2 views · 0 comments

In our ASP.NET intranet application we are using Windows authentication to authenticate the users.

We have recently had a request to give the user a reason for why they cannot log in. For example, tell the user they can't log in because their password has expired vs they can't log in because their account is locked out.

When an account is locked out or the password has expired, the user cannot log on to the application. IIS will deny the access and redirect the user to the Access Denied (401) page after 3 login attempts. As the username is not passed to web application when IIS authentication fails, we won’t be able to check if the account is locked out or the password has expired.

Any suggestions on how to get this information?
Are we going to have to move to Forms authentication with an AD provider?

Comments (1)

心的憧憬 2024-08-23 09:13:05

The simple solution to this is to move to forms authentication. But being that I know you did not want to hear that, and it is not allowed or a viable solution, your next option is to:

Look into System.DirectoryServices

Below I'm just pasting some quick code you can play with. Notice how to determine if a user is locked out or not. This is VB.NET but can be easily changed to C#.

    Imports System.DirectoryServices

    Try
        ' Bind to the OU with an account that is allowed to manage users.
        Dim dirEntry As New DirectoryEntry("LDAP://yourDomainInfoHere/OU=Users,OU=YourDomain,OU=YourOU,OU=CORP,DC=YourDC,DC=com", "ExecuateAsUser", "Password")

        Dim entries As DirectoryEntries = dirEntry.Children
        ' Set login name and full name.
        Dim newUser As DirectoryEntry = entries.Add("CN=JONNY BOY", "User")

        newUser.Properties("sAMAccountName").Add("jboy")
        newUser.CommitChanges()
        newUser.Invoke("SetPassword", "hi2343145gfdtgwdt")

        Dim flags As Integer = CInt(newUser.Properties("userAccountControl").Value)

        ' Enable the user: clear the ACCOUNTDISABLE bit (&H2).
        newUser.Properties("userAccountControl").Value = flags And Not &H2

        ' Disable the user: set the ACCOUNTDISABLE bit (&H2). Use one or the
        ' other; as written, this second assignment is the one committed.
        newUser.Properties("userAccountControl").Value = flags Or &H2

        ' Lockout property. DirectoryEntry returns lockoutTime as an
        ' IADsLargeInteger COM object (or Nothing if never set), not a Long,
        ' so combine its two 32-bit halves (late binding, Option Strict Off).
        Dim raw As Object = newUser.Properties("lockoutTime").Value
        Dim l As Long = 0
        If raw IsNot Nothing Then
            l = (CLng(raw.HighPart) << 32) Or (CLng(raw.LowPart) And &HFFFFFFFFL)
        End If

        If l <> 0 Then
            ' Account is locked out.
            ' So how do we unlock it? We unlock it by setting it to 0.
            newUser.Properties("lockoutTime").Value = 0
        Else
            ' lockoutTime is 0: the account is NOT locked out.
        End If

        newUser.CommitChanges()

        Dim j As DirectoryEntry = entries.Find("CN=JONNY BOY", "User")
        j.Properties("mail").Value = "[email protected]"
        j.CommitChanges()
    Catch ex As Exception
        ' Rethrow without resetting the stack trace.
        Throw
    End Try
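
A read-only lookup for the case the question asks about (locked out vs. password expired), as an added example that is not part of the original answer. It swaps in `DirectorySearcher` and the constructed attribute `msDS-User-Account-Control-Computed`, which the answer does not mention; the LDAP path and credentials are the answer's placeholders, the module and function names are hypothetical, and it assumes the application obtains the account name some other way, since IIS does not pass it on a failed login.

```vbnet
Imports System.DirectoryServices

' Added example: names, LDAP path and credentials are placeholders.
Public Module AccountStatus
    Private Const UF_ACCOUNTDISABLE As Integer = &H2         ' userAccountControl
    Private Const UF_LOCKOUT As Integer = &H10               ' computed attribute
    Private Const UF_PASSWORD_EXPIRED As Integer = &H800000  ' computed attribute

    ' Escape the characters that are special in an LDAP filter (RFC 4515)
    ' so a user-supplied name cannot change the query.
    Private Function EscapeLdap(value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").
                     Replace("(", "\28").Replace(")", "\29").
                     Replace(vbNullChar, "\00")
    End Function

    ' Missing attributes come back as an empty collection; treat them as 0.
    Private Function ReadInt(result As SearchResult, name As String) As Integer
        Dim values As ResultPropertyValueCollection = result.Properties(name)
        If values Is Nothing OrElse values.Count = 0 Then Return 0
        Return Convert.ToInt32(values(0))
    End Function

    Public Function GetLoginFailureReason(samAccountName As String) As String
        Using root As New DirectoryEntry("LDAP://yourDomainInfoHere/DC=YourDC,DC=com",
                                         "ExecuteAsUser", "Password")
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" &
                                  EscapeLdap(samAccountName) & "))"
                searcher.PropertiesToLoad.Add("userAccountControl")
                ' Constructed attributes are only returned when requested by name.
                searcher.PropertiesToLoad.Add("msDS-User-Account-Control-Computed")

                Dim result As SearchResult = searcher.FindOne()
                If result Is Nothing Then Return "Unknown account"

                Dim uac As Integer = ReadInt(result, "userAccountControl")
                Dim computed As Integer = ReadInt(result, "msDS-User-Account-Control-Computed")
                If (uac And UF_ACCOUNTDISABLE) <> 0 Then Return "Account disabled"
                If (computed And UF_LOCKOUT) <> 0 Then Return "Account locked out"
                If (computed And UF_PASSWORD_EXPIRED) <> 0 Then Return "Password expired"
                Return "No account restriction found"
            End Using
        End Using
    End Function
End Module
```

The result reveals account state for any name supplied, so return the specific reason only to callers the application already trusts.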