[英]Impersonate a Active Directory user in MVC application with Windows Authentication
[英]Active Directory Authentication with Retrieving User Data in MVC
在我的MVC5應用程序中,我過去僅通過檢查用戶是否存在於Active Directory來應用以下方法。現在,我想使用另一種方法:將`username`和`password`發送到Active Directory,如果用戶存在,則它應該返回一些Active Directory信息,即用戶的`Name`、`Surname`、`Department`。因此,如何在`Controller`和`web.config`中定義這種身份驗證?
web.config:
<configuration>
<system.web>
<!-- httpOnlyCookies hides cookies from client-side script. It does not restrict them to HTTPS; no requireSSL setting is visible in this snippet, so confirm how transport protection is enforced. -->
<httpCookies httpOnlyCookies="true" />
<authentication mode="Forms">
<!-- Forms ticket: fixed 45-minute lifetime (slidingExpiration="false"); protection="All" requests both encryption and validation of the ticket. -->
<forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear />
<!-- NOTE(review): connectionUsername and connectionPassword are stored here in clear text. Anyone who can read web.config (source control, backups, a file-disclosure bug) obtains a directory service account. Consider encrypting this section (for example with aspnet_regiis -pe) and giving the account read-only, least-privilege rights in the directory. -->
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="myadmin@company" connectionPassword="MyPassword" />
</providers>
</membership>
</system.web>
<connectionStrings>
<!-- for LDAP -->
<!-- NOTE(review): the LDAP:// scheme and port alone do not show whether the bind is encrypted. The provider's connectionProtection attribute is not set on this page; confirm it has not been lowered to None in the deployed configuration. -->
<add name="ADConnectionString" connectionString="LDAP://adadfaf.my.company:111/DC=my,DC=company" />
</connectionStrings>
</configuration>
控制器:
/// <summary>
/// Handles the posted login form: validates the credentials through the configured
/// membership provider, issues a non-persistent forms-authentication cookie and
/// redirects to a local return URL or to Issue/Index.
/// </summary>
/// <param name="model">Posted login model; UserName and Password are read from it.</param>
/// <param name="returnUrl">Optional URL to return to after login; only followed when it is a local path.</param>
/// <returns>The login view again on invalid input or failed validation, otherwise a redirect.</returns>
[AllowAnonymous]
[ValidateAntiForgeryToken]
[HttpPost]
public ActionResult Login(User model, string returnUrl)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }

    // Question from the author: at this point user details from Active Directory are
    // needed, not just a true/false result.
    bool credentialsAccepted = Membership.ValidateUser(model.UserName, model.Password);
    if (!credentialsAccepted)
    {
        // Same message for unknown user and wrong password, so the response does not
        // reveal which of the two was wrong.
        TempData["message"] = "The user name or password provided is incorrect.";
        return this.View(model);
    }

    // Question from the author: is setting the auth cookie like this sufficient,
    // or is more needed? (false = session cookie, not persisted across browser restarts.)
    FormsAuthentication.SetAuthCookie(model.UserName, false);

    // Follow returnUrl only when it is a local path. The extra prefix checks reject
    // "//" and "/\" forms so the login action cannot be used as an open redirect.
    bool isSafeLocalTarget = this.Url.IsLocalUrl(returnUrl)
        && returnUrl.Length > 1
        && returnUrl.StartsWith("/")
        && !returnUrl.StartsWith("//")
        && !returnUrl.StartsWith("/\\");

    if (isSafeLocalTarget)
    {
        return this.Redirect(returnUrl);
    }

    return this.RedirectToAction("Index", "Issue");
}
我所做的是創建一個“會話用戶”類,其中包含UserID,LoginName並能夠驗證用戶憑據。
在本課程中,您還必須放置/調用方法/屬性以獲取部門,姓氏等等。
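/// <summary>
/// Holds the credentials entered at login and validates them against Active Directory
/// by attempting a directory bind with them.
/// </summary>
/// <remarks>
/// The password is kept as a plain string for the lifetime of the instance. Do not store
/// instances in session state, caches or logs.
/// </remarks>
public class SesssionUser
{
    [Key]
    [Required]
    public int UserId { get; set; }

    [Required]
    public string LoginName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    // Set only by ValidateUser(); gates the directory lookups below.
    private Boolean IsAuth { get; set; }

    /// <summary>
    /// Department of the user. Returns null until <see cref="ValidateUser"/> has succeeded.
    /// </summary>
    public string Department
    {
        get { return GetDepartment(); }
    }

    /// <summary>
    /// Looks up the department of the authenticated user.
    /// </summary>
    /// <returns>null when the user has not been authenticated.</returns>
    /// <exception cref="NotImplementedException">
    /// Thrown for an authenticated user: the lookup was left as a placeholder in the original answer.
    /// </exception>
    private string GetDepartment()
    {
        if (!IsAuth) { return null; }

        // Placeholder ("Gets the department."). The original stub had no return statement
        // and did not compile. When implementing the lookup, escape LoginName before
        // placing it in an LDAP search filter, because it is user-supplied input.
        throw new NotImplementedException("Department lookup is not implemented.");
    }

    /// <summary>
    /// Attempts a directory bind with the supplied credentials.
    /// </summary>
    /// <param name="userName">Login name entered by the user.</param>
    /// <param name="password">Password entered by the user.</param>
    /// <param name="domain">Domain appended to the "LDAP://" path.</param>
    /// <returns>true when the bind succeeds; false for blank credentials or a rejected bind.</returns>
    private bool Authenticate(string userName, string password, string domain)
    {
        // Blank credentials must never reach the directory. With a null user name and
        // password DirectoryEntry binds with the identity of the running process, and an
        // empty password can be accepted as an unauthenticated bind depending on the
        // binding type and server configuration. Either case would report success
        // without proving who the caller is.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        try
        {
            // using: DirectoryEntry wraps a native ADSI object and must be disposed.
            using (var entry = new DirectoryEntry("LDAP://" + domain, userName, password))
            {
                // Reading NativeObject forces the bind; it throws when the credentials are rejected.
                object nativeObject = entry.NativeObject;
                return true;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            // A rejected bind is the expected failure path and maps to "not authenticated".
            return false;
        }
    }

    /// <summary>
    /// Validates the user in the AD
    /// </summary>
    /// <returns>true if the credentials are correct else false</returns>
    public Boolean ValidateUser()
    {
        IsAuth = Authenticate(LoginName, Password, "<YourDomain>");
        return IsAuth;
    }
}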
下一步是創建一個控制器,在我的例子中是“AccountController”,它可以處理用戶的登錄和注銷。它使用FormsAuthentication設置身份驗證Cookie。
using System;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using System.Web.Security;
using MVCErrorLog.Models;
//My class
using Admin.ActiveDirectoryHelper.Objects;
using MVCErrorLog.ViewModels;
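namespace MVCErrorLog.Controllers
{
    /// <summary>
    /// Handles sign-in and sign-out using forms authentication, with the credentials
    /// checked against Active Directory through <see cref="SesssionUser"/>.
    /// </summary>
    public class AccountController : Controller
    {
        /// <summary>Shows the login form.</summary>
        public ActionResult Login()
        {
            return View();
        }

        /// <summary>
        /// Validates the posted credentials and, on success, issues the forms-authentication cookie.
        /// </summary>
        /// <param name="username">Login name from the form.</param>
        /// <param name="pw">Password from the form.</param>
        /// <returns>The login view on failure, otherwise a redirect to ErrorLogs/Index.</returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(string username, string pw)
        {
            if (!ModelState.IsValid) { return RedirectToAction("Index", "Home"); }

            // The action binds plain strings, so the [Required] attributes on SesssionUser
            // are never evaluated here. Reject missing or blank values before they reach
            // the directory bind, where blank credentials can be treated as something
            // other than a failed login.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(pw))
            {
                return View("Login");
            }

            var sessionUser = new SesssionUser
            {
                LoginName = username,
                Password = pw,
                UserId = 1 // placeholder id taken from the original answer
            };

            if (!sessionUser.ValidateUser()) { return View("Login"); }

            // true = persistent cookie: it survives browser restarts for the whole
            // forms timeout configured in web.config.
            FormsAuthentication.SetAuthCookie(sessionUser.LoginName, true);
            return RedirectToAction("Index", "ErrorLogs");
        }

        /// <summary>Signs the current user out and returns to ErrorLogs/Index.</summary>
        /// <remarks>
        /// NOTE(review): this action is reachable with GET and carries no anti-forgery
        /// token, so another site can sign the user out. Consider [HttpPost] with
        /// [ValidateAntiForgeryToken] once the views post to it.
        /// </remarks>
        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "ErrorLogs");
        }

        /// <summary>
        /// Builds a forms-authentication ticket that carries the user id as user data and
        /// adds it to the response as the auth cookie.
        /// </summary>
        /// <param name="user">User whose LoginName and UserId go into the ticket.</param>
        /// <param name="persistanceFlag">Whether the ticket and cookie outlive the browser session.</param>
        /// <returns>The same <paramref name="user"/> instance.</returns>
        private SesssionUser SetupFormsAuthTicket(SesssionUser user, bool persistanceFlag)
        {
            var userData = user.UserId.ToString(CultureInfo.InvariantCulture);

            // One timestamp, so issue date and expiration are exactly 30 minutes apart.
            var issuedAt = DateTime.Now;
            var authTicket = new FormsAuthenticationTicket(
                1,                       // version
                user.LoginName,          // user name
                issuedAt,                // creation
                issuedAt.AddMinutes(30), // expiration
                persistanceFlag,         // persistent
                userData);

            var encTicket = FormsAuthentication.Encrypt(authTicket);

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
            {
                // Keep the ticket out of reach of client-side script.
                HttpOnly = true,
                Path = FormsAuthentication.FormsCookiePath
            };

            // Only ever raise the Secure flag, so a stricter httpCookies setting is not undone.
            if (FormsAuthentication.RequireSSL)
            {
                authCookie.Secure = true;
            }

            // Without Expires the browser drops the cookie at session end even though the
            // ticket is marked persistent.
            if (authTicket.IsPersistent)
            {
                authCookie.Expires = authTicket.Expiration;
            }

            Response.Cookies.Add(authCookie);
            return user;
        }

        /// <summary>Releases controller resources; this controller holds none of its own.</summary>
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
            }

            base.Dispose(disposing);
        }
    }
}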
最后一步是配置config文件,使用Forms身份驗證模式。
<!-- Forms authentication: unauthenticated requests are redirected to the Login action. -->
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1440" /> <!--1440min = 24hours-->
<!-- NOTE(review): a 24-hour ticket combined with the persistent cookie issued by the controller keeps a copied cookie usable for a long time. requireSSL is not set on this element; confirm the cookie is only sent over HTTPS. -->
</authentication>
現在,您只需要在視圖中調用Login並傳遞參數即可。