我正在开发一个使用基于表单的身份验证的ASP.Net Web应用程序。我正在针对Active Directory域进行身份验证。我正在成功进行身份验证,从AD获取所需信息,然后使用Response.Redirect()将用户重定向到应用程序的Default.aspx页面,但它返回到Login.aspx。我无法弄清楚出了什么问题。
这是我的登录代码(当用户输入他们的域名,用户名和密码并点击“登录”时运行):
protected void btnLogin_Click(object sender, EventArgs e)
{
string adPath = "LDAP://my.ad.path:636";
FormsAuth.LdapAuthentication adAuth = new FormsAuth.LdapAuthentication(adPath);
bool isAuthenticated = false;
//"loggedInUser" is a class to hold information about the user
loggedInUser = adAuth.LoginAndGetRequestorLoginInfo(out isAuthenticated, tbxDomain.Text, tbxUsername.Text, tbxPassword.Text);
if (isAuthenticated)
{
//Create the ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, tbxUsername.Text, DateTime.Now,
DateTime.Now.AddMinutes(60), true, tbxUsername.Text);
//Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//Set cookie expiration to match ticket expiration
authCookie.Expires = authTicket.Expiration;
//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
//Store user information in session to use later
Session["verifiedUser"] = loggedInUser;
//Now redirect to default page
Response.Redirect("~/User/Default.aspx");
}
else
{
lblError.Text = "Authentication did not succeed. Please check your user name and password.";
lblError.Visible = true;
}
} //end method btnLogin_Click
这是LDAP身份验证代码(在单独的类中):
using System;
using System.DirectoryServices;
using System.Text;
namespace FormsAuth
{
public class LdapAuthentication
{
private string _path;
private string _filterAttribute;
public LdapAuthentication(string path)
{
_path = path;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = String.Format("(SAMAccountName={0})", username);
search.PropertiesToLoad.Add("SAMAccountName");
SearchResult result = search.FindOne();
if (result == null)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
public Requestor LoginAndGetRequestorLoginInfo(out bool isAuthenticated, string domain, string username, string pwd)
{
Requestor req = new Requestor();
DirectoryEntry entry = new DirectoryEntry(_path);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = String.Format("(sAMAccountName={0})", username);
search.PropertiesToLoad.Add("sAMAccountName");
search.PropertiesToLoad.Add("cn");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("givenName");
search.PropertiesToLoad.Add("employeeID");
search.PropertiesToLoad.Add("telephoneNumber");
search.PropertiesToLoad.Add("mail");
SearchResult result = search.FindOne();
if (result == null)
{
isAuthenticated = false;
return null;
}
//Populate Requestor object with results returned from directory search
if (result.Properties["sAMAccountName"] != null && result.Properties["sAMAccountName"].Count > 0)
{
req.Login = domain + "\\" + result.Properties["sAMAccountName"][0].ToString();
}
if (result.Properties["sn"] != null && result.Properties["sn"].Count > 0)
{
req.LName = result.Properties["sn"][0].ToString();
}
if (result.Properties["givenName"] != null && result.Properties["givenName"].Count > 0)
{
req.FName = result.Properties["givenName"][0].ToString();
}
if (result.Properties["employeeID"] != null && result.Properties["employeeID"].Count > 0)
{
if (result.Properties["employeeID"][0].ToString().Length > 0)
{
req.EmployeeID = Convert.ToInt32(result.Properties["employeeID"][0].ToString());
}
}
if (result.Properties["telephoneNumber"] != null && result.Properties["telephoneNumber"].Count > 0)
{
req.Phone = result.Properties["telephoneNumber"][0].ToString();
}
if (result.Properties["mail"] != null && result.Properties["mail"].Count > 0)
{
req.Email = result.Properties["mail"][0].ToString();
}
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
isAuthenticated = true;
return req;
} //end method LoginAndGetRequestorLoginInfo
}
}
答案 0 :(得分:0)
从问题中的评论中可以看出,这是订单角色和成员在配置中被授权或被授权的问题。
授权按照声明的顺序发生。因此,即使您授权某些成员和角色,如果您以后拒绝访问所有成员和角色,也会被取消授权。
只是以一种每个人都被拒绝访问的方式完成授权,然后一些角色和成员在此之后获得授权,并且你已经完成了设置。