MVC 5绕过Windows身份验证用户身份验证的用户
[英]MVC 5 Bypass Forms Authentication for Windows Authenticated users
问题描述
I already have a website written using MVC 5 and it uses form authentication using SQL Server . 
我已经有一个使用MVC 5编写的网站,它使用SQL Server表单身份验证。
Now is it possible that I can bypass Forms Authentication for users that are already on office network. 现在我可以绕过已经在办公室网络上的用户的Forms Authentication 。 Also I want to keep track of user and apply rules similar to Forms Authentication . 此外,我想跟踪用户并应用类似于Forms Authentication规则。 Thanks. 谢谢。
1 个解决方案
解决方案1
1 2015-12-14 05:33:02
Yes you can do that. 是的,你可以这么做。 Here's the code to check user in domain. 这是检查域中用户的代码。 First get the domain name and try to verify user with domain. 首先获取域名并尝试使用域验证用户。 If this fails then proceed to forms authentication. 如果失败,则继续进行表单身份验证。
public static string DomainControllerName { get; private set; }
public static string ComputerName { get; private set; }
public static string DomainName { get; private set; }
public static string DomainPath
{
get
{
bool bFirst = true;
StringBuilder sbReturn = new StringBuilder(200);
string[] strlstDc = DomainName.Split('.');
foreach (string strDc in strlstDc)
{
if (bFirst)
{
sbReturn.Append("DC=");
bFirst = false;
}
else
sbReturn.Append(",DC=");
sbReturn.Append(strDc);
}
return sbReturn.ToString();
}
}
public static string RootPath
{
get
{
return string.Format("LDAP://{0}/{1}", DomainName, DomainPath);
}
}
Domain domain = null;
DomainController domainController = null;
try
{
domain = Domain.GetCurrentDomain();
DomainName = domain.Name;
domainController = domain.PdcRoleOwner;
DomainControllerName = domainController.Name.Split('.')[0];
ComputerName = Environment.MachineName;
}
finally
{
if (domain != null)
domain.Dispose();
if (domainController != null)
domainController.Dispose();
}
try
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
DirectoryEntry root = new DirectoryEntry(RootPath, txtUserName.Text.Trim(), txtPassword.Text);
DirectorySearcher search = new DirectorySearcher(root);
search.SearchScope = SearchScope.Subtree;
search.Filter = "(sAMAccountName=" + txtUserName.Text.Trim() + ")";
SearchResultCollection results = search.FindAll();
UserPrincipal userP = UserPrincipal.FindByIdentity(ctx, txtUserName.Text.Trim());
if (userP != null && results != null)
{
//Get the user's groups
var groups = userP.GetAuthorizationGroups();
if (groups.Count(x => x.Name == ConfigurationManager.AppSettings["UserGroup"].ToString()) > 0)
{
//Successful login code here
}
else
{
//"Access Denied !";
}
}
else
{
//"User Name or Password is incorrect. Try again !"
}
}
}
catch
{
//"User Name or Password is incorrect. Try again !"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.