写了一个通用的认证类,请看代码
- private void btnCheck_Click(object sender, EventArgs e)
- {
- string strLDAPFilter = string.Format(txtFilter.Text, txtUserName.Text.Trim());
- //deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
- string TestUserID = txtUserName.Text;
- string TestUserPwd = txtPwd.Text;
- LDAPHelper objldap = new LDAPHelper();
- string strLDAPPath = txtLDAP.Text;
- string strLDAPAdminName = txtLUserName.Text;
- string strLDAPAdminPwd = txtLPwd.Text;
- string strMsg = "";
- bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd);
- if (blRet)
- {
- blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);
- if (blRet)
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "成功";
- }
- else if (!blRet && string.IsNullOrEmpty(strMsg))
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "失败";
- }
- }
- this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
- MessageBox.Show(strMsg);
- }
- }
- public class LDAPHelper
- {
- private DirectoryEntry _objDirectoryEntry;
- /// <summary>
- /// 构造函数
- /// </summary>
- /// <param name="LADPath">ldap的地址,例如"LDAP://***.***.48.110:389/dc=***,dc=com"</param>
- /// <param name="authUserName">连接用户名,例如"cn=root,dc=***,dc=com"</param>
- /// <param name="authPWD">连接密码</param>
- public bool OpenConnection(string LADPath, string authUserName, string authPWD)
- { //创建一个连接
- _objDirectoryEntry = new DirectoryEntry(LADPath, authUserName, authPWD, AuthenticationTypes.None);
- if (null == _objDirectoryEntry)
- {
- return false;
- }
- else if (_objDirectoryEntry.Properties!=null&&_objDirectoryEntry.Properties.Count > 0)
- {
- return true;
- }
- return false;
- }
- /// <summary>
- /// 检测一个用户和密码是否正确
- /// </summary>
- /// <param name="strLDAPFilter">(|(uid= {0})(cn={0}))</param>
- /// <param name="TestUserID">testuserid</param>
- /// <param name="TestUserPwd">testuserpassword</param>
- /// <param name="ErrorMessage"></param>
- /// <returns></returns>
- public bool CheckUidAndPwd(string strLDAPFilter, string TestUserID, string TestUserPwd, ref string ErrorMessage)
- {
- bool blRet = false;
- try
- {
- //创建一个检索
- DirectorySearcher deSearch = new DirectorySearcher(_objDirectoryEntry);
- //过滤名称是否存在
- deSearch.Filter =strLDAPFilter;
- deSearch.SearchScope = SearchScope.Subtree;
- //find the first instance
- SearchResult objSearResult = deSearch.FindOne();
- //如果用户密码为空
- if (string.IsNullOrEmpty(TestUserPwd))
- {
- if (null != objSearResult && null != objSearResult.Properties && objSearResult.Properties.Count > 0)
- {
- blRet = true;
- }
- }
- else if (null != objSearResult && !string.IsNullOrEmpty(objSearResult.Path))
- {
- //获取用户名路径对应的用户uid
- int pos = objSearResult.Path.LastIndexOf('/');
- string uid = objSearResult.Path.Remove(0, pos + 1);
- DirectoryEntry objUserEntry = new DirectoryEntry(objSearResult.Path, uid, TestUserPwd, AuthenticationTypes.None);
- if (null != objUserEntry && objUserEntry.Properties.Count > 0)
- {
- blRet = true;
- }
- }
- }
- catch (Exception ex)
- {
- if (null != _objDirectoryEntry)
- {
- _objDirectoryEntry.Close();
- }
- ErrorMessage = "检测异常:"+ex.StackTrace;
- }
- return blRet;
- }
- /// <summary>
- /// 关闭连接
- /// </summary>
- public void closeConnection()
- {
- if (null != _objDirectoryEntry)
- {
- _objDirectoryEntry.Close();
- }
- }
- }
调用
- private void btnCheck_Click(object sender, EventArgs e)
- {
- string strLDAPFilter = string.Format(txtFilter.Text, txtUserName.Text.Trim());
- //deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
- string TestUserID = txtUserName.Text;
- string TestUserPwd = txtPwd.Text;
- LDAPHelper objldap = new LDAPHelper();
- string strLDAPPath = txtLDAP.Text;
- string strLDAPAdminName = txtLUserName.Text;
- string strLDAPAdminPwd = txtLPwd.Text;
- string strMsg = "";
- bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd);
- if (blRet)
- {
- blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);
- if (blRet)
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "成功";
- }
- else if (!blRet && string.IsNullOrEmpty(strMsg))
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "失败";
- }
- }
- this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
- MessageBox.Show(strMsg);
- }
- }
实例下载:http://download.csdn.net/detail/paolei/6740833
LDAP是轻量目录访问协议,英文全称是Lightweight Directory Access Protocol,一般都简称为LDAP。它是基于X.500标准的,但是简单多了并且可以根据需要定制。与X.500不同,LDAP支持TCP/IP,这对访问Internet是必须的。LDAP的核心规范在RFC中都有定义,所有与LDAP相关的RFC都可以在LDAPman RFC网页中找到。
- bool checkResult = false;
- try
- {
- string username = Request.Params.Get("username");
- string userpwd = Request.Params.Get("userpwd");
- string strLADPath = "LDAP://OU=事业部,DC=HOLD,DC=Company,DC=COM";
- DirectoryEntry objEntry = new DirectoryEntry(strLADPath);
- objEntry.AuthenticationType = AuthenticationTypes.None;
- DirectorySearcher deSearch = new DirectorySearcher(objEntry);
- //过滤名称是否存在
- deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
- deSearch.SearchScope = SearchScope.Subtree;
- //find the first instance
- SearchResult results = deSearch.FindOne();
- //check username & userpwd
- if (null != results)
- {
- DirectoryEntry objUserEntry = new DirectoryEntry(results.Path, username, userpwd);
- if (null != objUserEntry && null != objUserEntry.Properties
- && objUserEntry.Properties.Contains("cn"))
- {
- checkResult = true;
- }
- }
- Response.Write("认证结果:" + checkResult.ToString());
- }
- catch (System.Exception ex)
- {
- Response.Write("认证异常"+ex.StackTrace);
- Response.Write("认证结果:" + checkResult.ToString());
- }
- private void btnCheck_Click(object sender, EventArgs e)
- {
- string strLDAPFilter = string.Format(txtFilter.Text, txtUserName.Text.Trim());
- //deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
- string TestUserID = txtUserName.Text;
- string TestUserPwd = txtPwd.Text;
- LDAPHelper objldap = new LDAPHelper();
- string strLDAPPath = txtLDAP.Text;
- string strLDAPAdminName = txtLUserName.Text;
- string strLDAPAdminPwd = txtLPwd.Text;
- string strMsg = "";
- bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd);
- if (blRet)
- {
- blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);
- if (blRet)
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "成功";
- }
- else if (!blRet && string.IsNullOrEmpty(strMsg))
- {
- strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "失败";
- }
- }
- this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
- MessageBox.Show(strMsg);
- }
- }
- public class LDAPHelper
- {
- private DirectoryEntry _objDirectoryEntry;
- /// <summary>
- /// 构造函数
- /// </summary>
- /// <param name="LADPath">ldap的地址,例如"LDAP://***.***.48.110:389/dc=***,dc=com"</param>
- /// <param name="authUserName">连接用户名,例如"cn=root,dc=***,dc=com"</param>
- /// <param name="authPWD">连接密码</param>
- public bool OpenConnection(string LADPath, string authUserName, string authPWD)
- { //创建一个连接
- _objDirectoryEntry = new DirectoryEntry(LADPath, authUserName, authPWD, AuthenticationTypes.None);
- if (null == _objDirectoryEntry)
- {
- return false;
- }
- else if (_objDirectoryEntry.Properties!=null&&_objDirectoryEntry.Properties.Count > 0)
- {
- return true;
- }
- return false;
- }
- /// <summary>
- /// 检测一个用户和密码是否正确
- /// </summary>
- /// <param name="strLDAPFilter">(|(uid= {0})(cn={0}))</param>
- /// <param name="TestUserID">testuserid</param>
- /// <param name="TestUserPwd">testuserpassword</param>
- /// <param name="ErrorMessage"></param>
- /// <returns></returns>
- public bool CheckUidAndPwd(string strLDAPFilter, string TestUserID, string TestUserPwd, ref string ErrorMessage)
- {
- bool blRet = false;
- try
- {
- //创建一个检索
- DirectorySearcher deSearch = new DirectorySearcher(_objDirectoryEntry);
- //过滤名称是否存在
- deSearch.Filter =strLDAPFilter;
- deSearch.SearchScope = SearchScope.Subtree;
- //find the first instance
- SearchResult objSearResult = deSearch.FindOne();
- //如果用户密码为空
- if (string.IsNullOrEmpty(TestUserPwd))
- {
- if (null != objSearResult && null != objSearResult.Properties && objSearResult.Properties.Count > 0)
- {
- blRet = true;
- }
- }
- else if (null != objSearResult && !string.IsNullOrEmpty(objSearResult.Path))
- {
- //获取用户名路径对应的用户uid
- int pos = objSearResult.Path.LastIndexOf('/');
- string uid = objSearResult.Path.Remove(0, pos + 1);
- DirectoryEntry objUserEntry = new DirectoryEntry(objSearResult.Path, uid, TestUserPwd, AuthenticationTypes.None);
- if (null != objUserEntry && objUserEntry.Properties.Count > 0)
- {
- blRet = true;
- }
- }
- }
- catch (Exception ex)
- {
- if (null != _objDirectoryEntry)
- {
- _objDirectoryEntry.Close();
- }
- ErrorMessage = "检测异常:"+ex.StackTrace;
- }
- return blRet;
- }
- /// <summary>
- /// 关闭连接
- /// </summary>
- public void closeConnection()
- {
- if (null != _objDirectoryEntry)
- {
- _objDirectoryEntry.Close();
- }
- }
- }