[英]ASP.NET MVC 5 Authentication based on IIS server's Windows domain
I need to create an ASP.NET MVC 5 Web Application project that will be accessible through Internet. 我需要创建一个可以通过Internet访问的ASP.NET MVC 5 Web应用程序项目。 It will run on an IIS server that belongs to a Windows Domain and already authenticates user through plain HTTP auth for some URLs (accepting domain user accounts). 它将在属于Windows域的IIS服务器上运行,并且已经通过普通的HTTP身份验证对某些URL(接受域用户帐户)对用户进行了身份验证。
For my project, I'd like to have a login page that will ask for username and password and authenticate against the same Windows domain. 对于我的项目,我希望有一个登录页面,该页面要求输入用户名和密码并针对同一Windows域进行身份验证。 The user won't login with its local Windows domain user. 该用户将无法使用其本地Windows域用户登录。 I've found references to similar questions, but using Forms authentication, or ASP.NET 2.0, and I guess it's not the way I should do it using newer infrastructure. 我已经找到了类似问题的参考,但是使用了Forms身份验证或ASP.NET 2.0,我想这不是我应该使用较新的基础结构来实现的方式。
I'm using Visual Studio 2013 Web Express and, when I create a new Project using .NET Framework 4.5 templates, it allows me to choose between No Authentication, Individual User Accounts, Organizational Accounts or Windows Authentication. 我使用的是Visual Studio 2013 Web Express,当我使用.NET Framework 4.5模板创建新项目时,它允许我在“无身份验证”,“个人用户帐户”,“组织帐户”或“ Windows身份验证”之间进行选择。
I've researched a lot before asking here but I didn't find any clue about which of the three last options will allow me to configure my app the way I want, although I think that Windows Authentication is restricted only for intranet applications. 在询问这里之前,我已经进行了很多研究,但是我没有发现任何关于最后三个选项中的哪一个可以让我以所需方式配置应用程序的任何线索,尽管我认为Windows身份验证仅限于Intranet应用程序。
In my research, I became aware of System.DirectoryServices.dll, but I'm not sure if this is the way I'd implement the authentication logic. 在我的研究中,我意识到了System.DirectoryServices.dll,但是我不确定这是否是实现身份验证逻辑的方式。
Any hints / links will be very appreciated, but sample code is always better. 任何提示/链接将不胜感激,但示例代码总是更好。
Thanks! 谢谢!
Here's a method that uses the PrincipalContext
(System.DirectoryServices.AccountManagement) to validate domain credentials. 这是一种使用PrincipalContext
(System.DirectoryServices.AccountManagement)来验证域凭据的方法。
public static bool ValidateDomainCredentials(string username, string password)
{
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
{
return false;
}
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "mydomain"))
{
return pc.ValidateCredentials(username, password);
}
}
Call this before signing in to make sure the user is in the active directory. 登录前请先调用此命令,以确保用户位于活动目录中。
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
...
var user = await UserManager.FindByNameAsync(model.Username);
if (user != null && ValidateDomainCredentials(user.user_Name, model.Password))
{
await SignInAsync(user, model.RememberMe);
return RedirectToLocal(returnUrl);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.