源自客户端“ onload”的LDAP查询

Question

I have asked previous questions but I think I got too far into pre-conceived notions that I ruled out other options. I'm going to start over:

I have tools which are developed and maintained in HTML and JavaScript. What I would like to do is automate the collection of user data. The users are currently filling in their information and we are storing them in cookies for 6 months. However, If I can have them skip the step of manually inputting this information it'll be a small time savings.

If I'm going to be using something server-side I'll be using Microsoft Web Server 2012 with IIS 8.5.

What I would like to know is: What is the best approach in terms of language?

Is the best approach a client AJAX call to ASP.Net page which writes the user data back into JSON format? Should I try authenticated queries or non-authenticated queries? I'm lost.

I need recommendations and some guidance with where and how to get started/what I need to learn.

Update: To be clear, I'm looking for a solution that will be external to my existing code. Something that I can access externally (eg AJAX comes to mind) and have it spit back (AD data point indicators): givenName, sn, displayName, telephoneNumber, title.

Answer 1

There are multiple layers to this. I order to securely pass data between the client and server, you need to use HTTPS. You can buy a certificate from several websites, but for development lets create a self-signed certificate. In IIS, go to server>Server Certificates>Create Self-Signed Certificate..., enter a name and click on OK.

Now we need to use that certificate. Go to Sites>Add Web Site..., give it a site name, a physical path, in the Binding section, set Type to https, and select the certificate we made in SSL Certificates. Click OK.

If you don't have visual studio, get the express version from https://www.visualstudio.com/vs/visual-studio-express/ . Once installed, open Visual Studio. Go to File>New Website..., choose Visual C#>ASP.NET Web Site, and click OK.

In the Solution Explorer, expand Account and double click on Login.aspx. In the main panel, click on Split to get a view of the HTML and what it will render like. Click on the Log In button. In the Properties panel, click on the lightning bolt to get to actions and double click in the Click option.

In here, we will use DirectoryServices, which needs to be referenced in your project. Right click on the project in Solution Explorer, select Add Reference.... In the .NET tab, select System.DirectoryServices and System.DirectoryServices.AccountManagement, and click OK. Now in Account/Login.aspx.cs in LoginButton_Click enter:

bool validUser;
    PrincipalContext ctx  = new PrincipalContext(ContextType.Domain);
    validUser = ctx.ValidateCredentials(this.LoginUser.UserName, this.LoginUser.Password);
    if (validUser) {
        // Do you stuff here.
    }

You now have the very basic LDAP enabled website.