Active Directory Authentication

Posted on 2024-12-01 10:04:37

I have made a web application in ASP.NET. In my project, authentication was done by matching the username and password in the database. But now the client has asked me for auto login in the application with the help of Active Directory authentication. The client suggested that I use the email ID of the user in AD for the authentication.

I tried to fetch the records in AD. I could fetch the full name of the user, but I couldn't get the email ID.

I tried the code:

    System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
    string[] a = Context.User.Identity.Name.Split('\\');

    System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
    string Name = ADEntry.Properties["FullName"].Value.ToString();

Furthermore, I used DirectorySearcher, but it generates an error that it could not search the record in the client server.

Comments (2)

新人笑 2024-12-08 10:04:37

I had the exact same situation while making a portal for a company.
If they don't want you to get into their AD, then what you can do is request the NTLogins of the people who will be given access to the portal. Make a simple table which has their NTLogin and simply authenticate using the system from which the portal is being accessed.
Check out the sample code I used.

    // Checking if the user opening this page is listed in the allowed user list against their NT login.
    String sUser = Request.ServerVariables["LOGON_USER"].ToLower();
    // Strip the "wt\" domain prefix so only the account name is left.
    sUser = sUser.Replace("wt\\", "");

    // Authentication using a custom auth method.
    DatabaseOperations authenticateUser = new DatabaseOperations();
    if (!authenticateUser.authenticate(sUser))
    {
        // Unauthorized users will be redirected to the access denied page.
        Server.Transfer("AccessDenied.aspx", true);
    }

And make sure that you have the authentication mode set to Windows in your web.config file:

<authentication mode="Windows"></authentication>

Hope this helps.

絕版丫頭 2024-12-08 10:04:37

For reading AD data, I use this class. It is set up for our AD, but basically you can just pass in all the "fields" you want to find, in the params.
But you need to know what field holds the email address. Sysinternals made a pretty good tool for browsing AD, to figure out what you are looking for, called ADExplorer.

But I don't understand why you need to look in the AD? Can you not assume that the user is already authenticated, if they are on the network, and then rely on the windows identity?

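    // Requires: using System.Collections; using System.DirectoryServices; using System.Text;
    public static Hashtable GetAttributes(string initials, params string[] Attribute)
    {
        // Escape LDAP filter metacharacters (RFC 4515) so the account name cannot change the query.
        StringBuilder safeName = new StringBuilder();
        foreach (char c in initials)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                safeName.Append('\\').Append(((int)c).ToString("x2"));
            else
                safeName.Append(c);
        }

        DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://ADNAME");
        DirectorySearcher ADSearcher = new DirectorySearcher(directoryEntry);
        ADSearcher.Filter = "(sAMAccountName=" + safeName + ")";
        foreach (string para in Attribute)
        {
            ADSearcher.PropertiesToLoad.Add(para);
        }
        // FindOne() returns null when no account matches the filter.
        SearchResult adSearchResult = ADSearcher.FindOne();

        Hashtable hshReturns = new Hashtable();
        foreach (string para in Attribute)
        {
            string strReturn = "";
            if (adSearchResult != null && adSearchResult.Properties[para].Count > 0)
                strReturn = ((ResultPropertyValueCollection)adSearchResult.Properties[para])[0].ToString();
            hshReturns.Add(para, strReturn);
        }
        return hshReturns;
    }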
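
The flow the thread describes, as an added example that is not code from the question or from either answer: IIS authenticates the user through Windows authentication, the application resolves that identity to its AD e-mail address, and access is decided against an allow-list. The class name, method names and the allow-list entry are hypothetical; it assumes the web server is domain-joined, the site runs with `<authentication mode="Windows">`, and the application pool identity may read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper class; its name and members are not from the thread.
public static class AdEmailLogin
{
    // Constructed sample allow-list; a real application would load it from its user table.
    private static readonly HashSet<string> AllowedEmails =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "alice@example.com" };

    // Returns the AD e-mail address for an identity that IIS has already authenticated,
    // or null if the request is anonymous, the account is missing or disabled,
    // or the account has no e-mail address.
    public static string ResolveEmail(IIdentity identity)
    {
        WindowsIdentity wi = identity as WindowsIdentity;
        if (wi == null || !wi.IsAuthenticated || wi.IsAnonymous || wi.User == null)
            return null;

        // Look the account up by SID instead of parsing DOMAIN\user out of a string:
        // the SID is unambiguous and no LDAP filter is built by hand.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user =
                   UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, wi.User.Value))
        {
            if (user == null || user.Enabled == false)
                return null;
            string email = user.EmailAddress;
            return string.IsNullOrWhiteSpace(email) ? null : email.Trim();
        }
    }

    // Authorization decision: only identities whose AD e-mail is on the allow-list pass.
    public static bool IsAuthorized(IIdentity identity)
    {
        string email = ResolveEmail(identity);
        return email != null && AllowedEmails.Contains(email);
    }
}
```

In a page, pass `Context.User.Identity` to `AdEmailLogin.IsAuthorized` and transfer to the access-denied page when it returns false; the e-mail address is read from the directory on the server and is never taken from the request.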