我在C#web应用程序中使用DirectoryEntry方法进行LDAP登录设置。以下代码是我到目前为止的代码。这将允许任何拥有AD帐户的人登录。我需要将其限制在名为“commonusers”的组中的人员。
public Boolean ValidateUser(string userName, string password)
{
string path = "LDAP://domain.company.org";
DirectoryEntry dirEntry = new DirectoryEntry(path, userName, password, AuthenticationTypes.Secure);
try
{
DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);
dirSearcher.FindOne();
return true;
// If it returns the data then the User is validated otherwise it will automatically shift to catch block and return false
}
catch
{
return false;
}
登录按钮使用以下代码:
protected void Button1_Click(object sender, EventArgs e)
{
{
Boolean boolresult = ValidateUser(TextBox_username.Text, TextBox_password.Text);
if (boolresult)
{
Label_loginstatus.Text = "Redirecting";
Response.Redirect("medsearch.aspx");
}
else
{
Label_loginstatus.Text = "Invalid username/password! Please try again.";
}
}
}
是否可以将检查“commonusers”组的用户帐户的功能添加到其中一个功能中?
答案 0 :(得分:0)
您希望捕获FindOne()调用的结果,以查找您关注的任何属性值:
DirectoryEntry dirEntry = new DirectoryEntry(path, userName, password, AuthenticationTypes.Secure);
object obj = de.NativeObject; // This will force the authentication
// Search for the user's directory entry
DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);
dirSearcher.Filter = "(SAMAccountName=" + userName + ")";
dirSearcher.PropertiesToLoad.Add("member");
SearchResult searchResult = dirSearcher.FindOne();
if (searchResult != null)
{
if (searchResult.Properties["member"] != null && searchResult.Properties["member"].Contains("commonusers"))
{
return true;
}
}
return false;
有关如何从Active Directory中获取数据的详细信息,建议您访问www.selfadsi.org
答案 1 :(得分:0)
如果在.NET 4上,您可以使用此方法,您可以使用try / catch:
private bool ValidateAgainstADAndGroup(string username, string password, string groupname)
{
var ok = false;
using (var pc = new PrincipalContext(ContextType.Domain, "mydomain.lan"))
{
if (pc.ValidateCredentials(username, password))
{
//User is alright
using (var searcher = new PrincipalSearcher(new UserPrincipal(pc)))
{
searcher.QueryFilter.SamAccountName = username;
Principal u = searcher.FindOne();
foreach (Principal p in u.GetGroups())
{
if (p.Name == groupname)
{
//User is in group
ok= true;
}
}
}
}
}
return ok;
}
您可以更改以返回两种类型的错误:NotAuthenticated OR Authenticated - 但不在组中