I am doing a simple website with Razor. Currently, I have database-based authentication that works, as follows:
In _AppStart.cshtml:
    WebSecurity.InitializeDatabaseConnection("db_connection", "users", "id", "username", true);
In login.cshtml page:
    username = Request["username"];
    password = Request["password"];
    if (WebSecurity.Login(username, password, true))
    {
        Response.Redirect("/admin");
    }
    else
    {
        errorMessage = "Login was not successful.";
    }
In protected CSHTML pages, I have the following at the top of a page:
    if (!WebSecurity.IsAuthenticated)
    {
        Response.Redirect("/login.cshtml");
    }
Everything is pretty simple and works well. Now I would like to add authentication with AD. I don't know how to do it.
I came from the Java world with many years of experience. For this simple website, I do not need MVC architecture. I need simple things similar to the above (if possible). I need to do authentication just within the login.cshtml file. I googled a lot and am unable to find a tutorial (so that I can copy and paste) for what I need.
Any pointers or help is really appreciated!
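Thanks and regards
Update: This application sits on an internal network.
Update 2: Here is the code I have after successfully implementing X3074861X's code: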
    if (IsPost)
    {
        username = Request["username"];
        password = Request["password"];
        var domain = "domain";
        var host = "host";
        var port = "389";
        LdapConnection ldapConnection = new LdapConnection(host + ":" + port);
        try
        {
            // authenticate the username and password
            using (ldapConnection)
            {
                // pass in the network creds, and the domain.
                var networkCredential = new NetworkCredential(username, password, domain);
                // if we're using unsecured port 389, set to false. If using port 636, set this to true.
                ldapConnection.SessionOptions.SecureSocketLayer = false;
                // since this is an internal application, just accept the certificate either way
                ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
                // to force NTLM/Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
                ldapConnection.AuthType = AuthType.Basic;
                // this is where the authentication occurs
                ldapConnection.Bind(networkCredential);
                // check the local database to make sure the user is one of those we allow
                if (WebSecurity.Login(username, "fixed-password, just to check whether someone is on the list of allowed people", true))
                {
                    Response.Redirect("/admin");
                }
                else
                {
                    errorMessage = "Login was not successful.";
                }
            }
        }
        catch (LdapException exception)
        {
            // Authentication failed, exception will dictate why
            errorMessage = "Login was not successful.";
        }
    }
Some explanation. I don't have control over the AD and so I can only authenticate users against it. I still have a little local database that indicates who can access the app. Everyone with access to the app has the same rights.
Thanks and credit to X3074861X.
Recommended answer
Since this is an internal application, and you're looking for something simple, I would consider writing a single class to do the Active Directory authentication. You're going to need a couple of things though, in order for this to work:
A reference to System.DirectoryServices.Protocols in your project.
The IP or DNS name of your Active Directory server. We'll call it host in the code below.
The port it's running on (LDAPS will be port 636, basic LDAP will be port 389). We'll call it port in the code below.
The Domain to which your users belong. We'll call it domain in the code below.
Now that you have that, you can wire this up to check the credentials from the request against your AD instance. I would try something like this:
    // the username and password to authenticate
    username = Request["username"];
    password = Request["password"];
    // define your connection (host, port and domain are the values described above)
    LdapConnection ldapConnection = new LdapConnection(host + ":" + port);
    try
    {
        // authenticate the username and password
        using (ldapConnection)
        {
            // pass in the network creds, and the domain.
            var networkCredential = new NetworkCredential(username, password, domain);
            // if we're using unsecured port 389, set to false. If using port 636, set this to true.
            ldapConnection.SessionOptions.SecureSocketLayer = false;
            // since this is an internal application, just accept the certificate either way
            ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
            // to force NTLM/Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
            ldapConnection.AuthType = AuthType.Basic;
            // authenticate the user
            ldapConnection.Bind(networkCredential);
        }
    }
    catch (LdapException ldapException)
    {
        // Authentication failed, exception will dictate why
    }
Also, in the same way you'd communicate an authorization issue before, the ldapException can tell you why the call failed. If you want to display custom messaging, I would check the LdapException.ErrorCode property, and maybe create a case statement of return messages based on the error codes.
Or, you could just output LdapException.Message directly to the page - either way, that will at least dictate to the user why their login didn't work.
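A variant of the bind from the answer, as an added example that is not part of the original answer or the asker's update: it binds over LDAPS on port 636 with the default certificate check left on, refuses empty passwords, and maps LdapException.ErrorCode to a result instead of echoing the exception text to the page. AdAuthenticator and AdLoginResult are hypothetical names; 49 and 81 are the LDAP invalid-credentials and server-down codes.

```csharp
// Added example, not code from the original post. AdAuthenticator and AdLoginResult
// are hypothetical names. Needs a reference to System.DirectoryServices.Protocols.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public enum AdLoginResult { Success, BadCredentials, ServerUnavailable, Error }

public static class AdAuthenticator
{
    private const int InvalidCredentials = 49; // LDAP result code
    private const int ServerDown = 81;         // Windows LDAP client code

    public static AdLoginResult Validate(string host, string domain, string username, string password)
    {
        // With AuthType.Basic an empty password turns into an unauthenticated
        // simple bind that can succeed, so refuse empty input up front.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            return AdLoginResult.BadCredentials;

        var server = new LdapDirectoryIdentifier(host, 636); // LDAPS port
        using (var connection = new LdapConnection(server))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
            // No VerifyServerCertificate callback is installed, so the
            // default validation of the server certificate stays in force.
            connection.AuthType = AuthType.Basic; // password travels inside TLS
            connection.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                connection.Bind(new NetworkCredential(username, password, domain));
                return AdLoginResult.Success;
            }
            catch (LdapException ex)
            {
                // Details go to the server-side trace, not to the page.
                System.Diagnostics.Trace.TraceWarning(
                    "AD bind failed, code {0}: {1}", ex.ErrorCode, ex.Message);
                switch (ex.ErrorCode)
                {
                    case InvalidCredentials: return AdLoginResult.BadCredentials;
                    case ServerDown: return AdLoginResult.ServerUnavailable;
                    default: return AdLoginResult.Error;
                }
            }
        }
    }
}
```

From login.cshtml, a Success result can be followed by an allow-list lookup such as WebSecurity.UserExists(username), which avoids keeping a shared fixed password in the local users table.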