当前位置: 文江博客话题详情

应用程序级别 Intranet 用户的 Windows 身份验证(带有 VB 的 ASP.NET)

发布于 2024-11-29 21:42:42 字数 525 浏览 1 评论 0原文

我的公司使用 ActiveDirectory,IT 部门自然希望保持对其的控制,而不是将控制权交给其他用户。我正在使用 SQL Server 2008 数据库开发 ASP.NET 应用程序(仅供内部使用)。

我的问题是,如何最好使用 .NET 命名空间和 SQL Server 在应用程序(或可能是数据库)级别管理组织内对应用程序的访问?我希望根据 ActiveDirectory 提供的网络用户名对用户进行授权。

顺便说一句,我还想访问他们的 AD 联系信息。

根据我的理解,我可以在 System.DirectoryServices 命名空间中使用 ActiveDirectoryMembershipProvider 类或域服务。还有 LDAP,这显然是另一种可能性。我很难理解这一切,更不用说哪个是最好的选择以及如何实现它。任何人都可以为我提供一些方向和可能的一些简单的示例代码吗?

更新:抱歉,我忘了提及我正在使用 VB.NET 作为我的代码源,因为它是公司标准。

多谢! ;)

原文

My company uses ActiveDirectory, and naturally the IT department wants to maintain control over it and not give control to other users. I'm developing an ASP.NET app (for internal use only) using an SQL Server 2008 database.

My question is, how can I BEST use the .NET namespaces and SQL Server to manage access to the app within the organization at the application (or possibly DB) level? I would like the user to be authorized based on their network username as provided by ActiveDirectory.

On a side note, I would also like to access their AD contact information.

From my understanding I can use the ActiveDirectoryMembershipProvider class or Domain Services in the System.DirectoryServices namespace. There's also LDAP which apparently is another possibility. I'm having a hard time making sense of it all, and much less which is the best option and how to implement it. Can anyone provide me with some direction and possibly some simple sample code?

UPDATE: Sorry, I forgot to mention I'm using VB.NET as my code source as it's company standard.

Much obliged! ;)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

野侃 2024-12-06 21:42:42

下面是一段快速代码片段,它开启了我的 Active Directory 和 ASP.NET 永无止境的旅程。在一个小测试页面中,我放置了一个文本框并插入了 LAN ID,它会返回所有可用的 AD 字段。

    Protected Sub btnSearchUserDetails_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSearchUserDetails.Click
    Dim Entry1 As New System.DirectoryServices.DirectoryEntry("LDAP://DC=ent,DC=foo,DC=bar,DC=corp", "yourID", "yourPassword")
    Dim search As New DirectorySearcher(Entry1)
    search.Filter = [String].Format("(SAMAccountName={0})", txtSearchUser.Text)

    Dim result As SearchResult = search.FindOne()
    Dim user As DirectoryEntry = result.GetDirectoryEntry()
    PrintDirectoryEntryProperties(user)
    End Sub

Private Sub PrintDirectoryEntryProperties(ByVal entry As System.DirectoryServices.DirectoryEntry)


    'loop through all the properties and get the key for each prop


    lblPropList.Text = "<table>"
    For Each Key As String In entry.Properties.PropertyNames
        Dim sPropertyValues As String = [String].Empty
        'now loop through all the values in the property;
        'can be a multi-value property
        For Each Value As Object In entry.Properties(Key)
            sPropertyValues += Convert.ToString(Value) + ";<br>"
        Next
        'cut off the separator at the end of the value list
        sPropertyValues = sPropertyValues.Substring(0, sPropertyValues.Length - 5)
        'now add the property info to the property list

            lblPropList.Text += "<tr><td>" & Key & "</td><td>" & sPropertyValues & "</td></tr>"

    Next
    lblPropList.Text += "</table>"

End Sub

要获取当前经过身份验证的用户的 AD 登录 ID,Request.ServerVariables("LOGON_USER")Httpcontext.Current.User.Identity.Name 将成为您的朋友。请记住,如果您使用允许匿名安全访问 ASP 页,则不会填充 LOGON_USER 变量。< /a>

我将回顾我的一些笔记,并尝试找到一些我使用过的、最终对我最有帮助的资源。我可以立即告诉您《目录服务编程的 .NET 开发人员指南》一书 (亚马逊)是我每天使用的。

Here's a quick code snippet that started me on my never ending journey with Active Directory and ASP.NET. It's from a little test page that I put a text box and plugged in a LAN ID and it returns all the AD fields available.

    Protected Sub btnSearchUserDetails_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSearchUserDetails.Click
    Dim Entry1 As New System.DirectoryServices.DirectoryEntry("LDAP://DC=ent,DC=foo,DC=bar,DC=corp", "yourID", "yourPassword")
    Dim search As New DirectorySearcher(Entry1)
    search.Filter = [String].Format("(SAMAccountName={0})", txtSearchUser.Text)

    Dim result As SearchResult = search.FindOne()
    Dim user As DirectoryEntry = result.GetDirectoryEntry()
    PrintDirectoryEntryProperties(user)
    End Sub

Private Sub PrintDirectoryEntryProperties(ByVal entry As System.DirectoryServices.DirectoryEntry)


    'loop through all the properties and get the key for each prop


    lblPropList.Text = "<table>"
    For Each Key As String In entry.Properties.PropertyNames
        Dim sPropertyValues As String = [String].Empty
        'now loop through all the values in the property;
        'can be a multi-value property
        For Each Value As Object In entry.Properties(Key)
            sPropertyValues += Convert.ToString(Value) + ";<br>"
        Next
        'cut off the separator at the end of the value list
        sPropertyValues = sPropertyValues.Substring(0, sPropertyValues.Length - 5)
        'now add the property info to the property list

            lblPropList.Text += "<tr><td>" & Key & "</td><td>" & sPropertyValues & "</td></tr>"

    Next
    lblPropList.Text += "</table>"

End Sub

To get the AD login ID of the currently authenticated user Request.ServerVariables("LOGON_USER") and Httpcontext.Current.User.Identity.Name are going to be your friends. Keep in mind that the LOGON_USER variable is not populated if you use the Allow Anonymous security to access the ASP page.

I'll go back through some of my notes and try to find some of the resources that I used that ended up being the most helpful for me. Off the top of my head, I can tell you that the book "The .NET Developer's Guide to Directory Services Programming" (Amazon) was used daily by me.

回复 原文
删除→记忆 2024-12-06 21:42:42

后来我发现,Windows 身份验证模式在内网环境中运行得很好。我决定在开发时在 IIS 配置中启用此模式,并让每个页面通过网络登录自动识别用户并指向他们(或允许/禁止访问适当的页面)。请记住,我的解决方案仅适用于 Intranet/如果您位于域控制器上。

这是相关的 Web.config

<system.web>
    <authentication mode="Windows" />
    <identity impersonate="false" />
</system.web>

我认为最简单的方法是在数据库中查找用户名并找到其关联的角色/组,然后评估该角色是否应该允许他们访问 VB 代码隐藏中的请求页面。以下是如何获取用户网络用户名:

' While logged into your intranet will return "DOMAIN\username"
Dim username As String = Page.User.Identity.Name

这是一些示例 VB.NET 代码,可用于(自动)进行身份验证并允许访问给定页面(不完全是我使用的代码,只是一个示例)。

Dim role As String
Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("conString").ConnectionString)
    Dim query As New SqlCommand("select top (1) Role from Users where Username like '" + username + "'", con)
    con.Open()
    role = query.ExecuteScalar().ToString
End Using
If StrComp(role, "Admin") = 0 Then
    welcomeLabel.Text = "Welcome! You may enter"
Else
    HttpContext.Current.Server.Transfer("/Kick.aspx")
End If

我希望有些人觉得这很有用。我花了无数的时间来解决与此几乎相同的解决方案。

干杯;)

As I later come to find out, Windows authentication mode works perfectly within an intranet environment. I decided to enable this mode in my IIS configuration while developing and have each page automatically identify the user by their network login and point them (or allow/disallow access to the appropriate pages). Keep in mind that my solution ONLY works on an intranet / if you're on a domain controller.

Here's the relevant Web.config

<system.web>
    <authentication mode="Windows" />
    <identity impersonate="false" />
</system.web>

The simplest approach I think is to lookup the username in the database and find their associated role/group, then evaluate whether or not that role should give them access to the requested page in the VB codebehind. Here's how to get the users network username:

' While logged into your intranet will return "DOMAIN\username"
Dim username As String = Page.User.Identity.Name

Here's some sample VB.NET code that can be used for authenticating (automatically) and allowing access to a given page (not precisely the code I used, just a sample).

Dim role As String
Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("conString").ConnectionString)
    Dim query As New SqlCommand("select top (1) Role from Users where Username like '" + username + "'", con)
    con.Open()
    role = query.ExecuteScalar().ToString
End Using
If StrComp(role, "Admin") = 0 Then
    welcomeLabel.Text = "Welcome! You may enter"
Else
    HttpContext.Current.Server.Transfer("/Kick.aspx")
End If

I hope some people find this useful. I spent countless hours settling on a solution almost identical to this.

Cheers ;)

回复 原文
绝對不後悔。 2024-12-06 21:42:42

使用“在数据库中查找用户名并找到其关联的角色/组”的接受答案恕我直言,它忽略了整个要点。

解决方案是在 Visual Studio 中选中 NTLM 身份验证复选框(使用版本 2012 位于项目的“属性”、“Web”、“服务器”下;其他版本应该类似)。

The accepted answer using "lookup the username in the database and find their associated role/group" IMHO is missing the whole point.

The solution is to check NTLM Authentication check box in Visual Studio (using version 2012 is under project's Properties, Web, Servers; other version should be similar).

回复 原文
~没有更多了~

关于作者

亚希

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文