[英]Login authentication asp.net with active directory
我有一個項目,我需要使用活動目錄登錄到在 asp.net 中制作的網站,我按照本教程....
來自 ASP .NET 的 Active Directory 身份驗證
現在我想獲取用戶組,我嘗試了 default.aspx.vb 頁面中的下一個代碼,但不起作用。
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name))
Dim id As FormsIdentity = CType(User.Identity, FormsIdentity)
If id IsNot Nothing Then
Dim ticket As FormsAuthenticationTicket = id.Ticket
Response.Write("<p/>TicketName: " + ticket.Name)
Response.Write("<br/>Cookie Path: " + ticket.CookiePath)
Response.Write("<br/>Ticket Expiration: " + ticket.Expiration.ToString())
Response.Write("<br/>Expired: " + ticket.Expired.ToString())
Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString())
Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString())
Response.Write("<br/>UserData: " + ticket.UserData)
Response.Write("<br/>Version: " + ticket.Version.ToString())
End If
End Sub
我找到了一個更好的解決方案,比我在互聯網上找到的任何答案都容易。
首先,我創建一個類來驗證用戶是否在活動目錄中的組中:
Imports System.Security.Principal
Public Class AutorizationFun
Dim access As Boolean = False
Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
Public User As WindowsPrincipal = New WindowsPrincipal(id)
'Belongs to sample group
Private Function inSampleGroup() As Boolean
Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP")
End Function
Private Function inSampleGroup2() As Boolean
Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP2")
End Function
Public Function ProgramsAccsess(ByVal vPage As String) As Boolean
access = False
Select Case vPage
Case "~/Sample.aspx"
If inSampleGroup() Then
access = True
End If
'---------------------------------------------------------------------
End Select
'*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
'access = True
'*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Return access
End Function
End Class
然后你必須在所有頁面后面的代碼中創建一個函數:
'create var
Dim ValidateUser As New AutorizationFun
Protected Sub VerifyAccessPage()
If ValidateUser.ProgramsAccsess(Request.AppRelativeCurrentExecutionFilePath) = False Then
Response.Redirect("~/DeniedAccess.aspx")
End If
End Sub
並完成必須在 Page_load 事件中使用該函數:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'check whether page is postback or not
If Not Page.IsPostBack Then
VerifyAccessPage()
End If
End Sub
如果您的服務器在 Windows 域中,它應該連接到 Active Directory,因此通過使用 Windows 身份驗證,您已經使用 AD 憑據登錄(因為用戶之前必須在域中,否則瀏覽器將要求提供 AD 憑據)
要獲取用戶組,您可以使用DirectorySearcher類,顯然當您
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.