Asp.net MVC 集成AD域认证

最新推荐文章于 2020-11-24 10:24:01 发布
最新推荐文章于 2020-11-24 10:24:01 发布
阅读量652 收藏
点赞数
文章标签: 测试 c#
原文链接:http://www.cnblogs.com/652769324qq/p/11454627.html
版权
本文详细介绍了如何在WebApi应用中配置和实现AD域认证,包括Web.config中的域认证服务器节点配置,LDAPController中的AD验证方法,以及ADHelper类中的一系列AD管理操作,如用户查找、密码设置、用户启用和禁用等。
摘要由CSDN通过智能技术生成

1.首先WebApi 应用下Web.config要配置域认证服务器节点,如下

<!--LDAP地址 用于项目AD系统账号密码验证-->

<!--0:关闭域认证;1:开启域认证-->
<add key="EnableADCheck" value="0"/>
<add key="LDAPAPI" value="域认证服务器的api地址"/>  

2.Api控制器Controller

    public class LDAPController : ApiController
    {
        /// <summary>
        /// 用于AD验证
        /// </summary>
        /// <param name="account"></param>
        /// <param name="pwd"></param>
        [AllowAnonymous]
        [HttpPost]
        public HttpResponseMessage Check(HttpRequestMessage req)
        {
            try
            {
            SimpleLog.WriteLog(LogFile.Trace, "" + " start"+ req.Content.ReadAsStringAsync().Result);
            dynamic data = DynamicJson.Parse(req.Content.ReadAsStringAsync().Result);
            var decrPwd = "";
            var account = data.Account;
            var pwd = data.Pwd;
            try
            {//1.先对密码进行解密
                decrPwd = AESEnCryptUtils.Decrypt(pwd);
            }
            catch (Exception ex)
            {
                SimpleLog.WriteLog(LogFile.Error, "解密失败:" + ex.Message);
                return JsonBuilder.Build("error" + "-解密失败" + ex.Message);
            }
            var result = ADHelper.CheckExist(account, decrPwd).ToString();
            SimpleLog.WriteLog(LogFile.Error, "End:" + result);
            return JsonBuilder.Build(result);
            }
            catch (Exception ex)
            {
                SimpleLog.WriteLog(LogFile.Error,ex.Message+"-"+ ex.StackTrace);
                return JsonBuilder.Build(ex.Message);
            }

        }

       
    }
 public class SimpleLog
    {
        private static string logPath = string.Empty;
        /// <summary>
        /// 保存日志的文件夹
        /// </summary>
        public static string LogPath
        {
            get
            {
                if (logPath == string.Empty)
                {
                    // Web 应用
                    logPath = AppDomain.CurrentDomain.BaseDirectory + @"log\";
                }
                return logPath;
            }
            set { logPath = value; }
        }

        private static string logFielPrefix = string.Empty;
        /// <summary>
        /// 日志文件前缀
        /// </summary>
        public static string LogFielPrefix
        {
            get { return logFielPrefix; }
            set { logFielPrefix = value; }
        }

        /// <summary>
        /// 写日志
        /// </summary>
        public static void WriteLog(string logFile, string msg)
        {
            try
            {
                if (!Directory.Exists(LogPath))//如果没有文件指定的目录就创建
                {
                    Directory.CreateDirectory(LogPath);
                }
                System.IO.StreamWriter sw = System.IO.File.AppendText(
                    LogPath + LogFielPrefix + logFile + " " +
                    DateTime.Now.ToString("yyyyMMdd") + ".Log"
                    );
                sw.WriteLine(DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss: ") + msg);
                sw.Close();
            }
            catch
            { }
        }

        /// <summary>
        /// 写日志
        /// </summary>
        public static void WriteLog(LogFile logFile, string msg)
        {
            WriteLog(logFile.ToString(), msg);
        }
    }

    /// <summary>
    /// 日志类型
    /// </summary>
    public enum LogFile
    {
        Trace,
        Warning,
        Error,
        SQL
    }
 public class JsonBuilder
    {
        /// <summary>
        /// 返回该对象的Json数据格式
        /// </summary>
        /// <typeparam name="T"></typeparam>
        /// <param name="content"></param>
        /// <returns></returns>
        public static HttpResponseMessage Build<T>(T content) 
        {
            if (null == content) return BuildNull();

            JsonSerializerSettings jss = new JsonSerializerSettings();
            jss.DateTimeZoneHandling = DateTimeZoneHandling.Local;

            Encoding _encoding = new UTF8Encoding(false);

            JsonSerializer serializer = JsonSerializer.Create(jss);

            using (MemoryStream stream = new MemoryStream())
            {
                const int DefaultStreamWriterBufferSize = 0x400;
                using (TextWriter textWriter = new StreamWriter(stream, _encoding,
                    bufferSize: DefaultStreamWriterBufferSize))
                {
                    using (JsonWriter jsonWriter = new JsonTextWriter(textWriter) { CloseOutput = false })
                    {
                        serializer.Serialize(jsonWriter, content);
                        jsonWriter.Flush();

                        ArraySegment<byte> segment = new ArraySegment<byte>(stream.GetBuffer(), 0, (int)stream.Length);

                        HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);

                        try
                        {
                            response.Content = new ByteArrayContent(segment.Array, segment.Offset, segment.Count);
                            MediaTypeHeaderValue contentType = new MediaTypeHeaderValue("application/json");
                            contentType.CharSet = _encoding.WebName;
                            response.Content.Headers.ContentType = contentType;
                           // response.Headers.Add("Access-Control-Allow-Origin", "*");
                            //response.Headers.Add("Access-Control-Allow-Credentials", "true");
                            //response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, HEAD, OPTIONS");
                            //response.Headers.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, test1");
                            
                            return response;
                        }
                        catch
                        {
                            response.Dispose();
                            throw;
                        }
                    }
                }


            }
        }


        public static HttpResponseMessage Build<T>(T content, string contentType)
        {
            if (null == content) return BuildNull();

            JsonSerializerSettings jss = new JsonSerializerSettings();
            jss.DateTimeZoneHandling = DateTimeZoneHandling.Local;

            Encoding _encoding = new UTF8Encoding(false);

            JsonSerializer serializer = JsonSerializer.Create(jss);

            using (MemoryStream stream = new MemoryStream())
            {
                const int DefaultStreamWriterBufferSize = 0x400;
                using (TextWriter textWriter = new StreamWriter(stream, _encoding,
                    bufferSize: DefaultStreamWriterBufferSize))
                {
                    using (JsonWriter jsonWriter = new JsonTextWriter(textWriter) { CloseOutput = false })
                    {
                        serializer.Serialize(jsonWriter, content);
                        jsonWriter.Flush();

                        ArraySegment<byte> segment = new ArraySegment<byte>(stream.GetBuffer(), 0, (int)stream.Length);

                        HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);

                        try
                        {
                            response.Content = new ByteArrayContent(segment.Array, segment.Offset, segment.Count);
                            MediaTypeHeaderValue mediaTypeHeaderValue = new MediaTypeHeaderValue(contentType);
                            mediaTypeHeaderValue.CharSet = _encoding.WebName;
                            response.Content.Headers.ContentType = mediaTypeHeaderValue;
                            // response.Headers.Add("Access-Control-Allow-Origin", "*");
                            //response.Headers.Add("Access-Control-Allow-Credentials", "true");
                            //response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, HEAD, OPTIONS");
                            //response.Headers.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, test1");

                            return response;
                        }
                        catch
                        {
                            response.Dispose();
                            throw;
                        }
                    }
                }


            }
        }

        public static HttpResponseMessage BuildNull()
        {
            Encoding _encoding = Encoding.UTF8;
            HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.NotFound);
            response.Content = new StringContent("");
            response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            return response;
        }
    }
 public class ADHelper
    {

        /// <summary>
        /// 查找目录项 
        /// </summary>
        /// <param name="category">分类 users</param>
        /// <param name="name">用户名</param>
        /// <returns>目录项实体</returns>
        public static DirectoryEntry FindObject(string name)
        {
            DirectoryEntry de = null;
            DirectorySearcher ds = null;
            DirectoryEntry userEntry = null;
            try
            {
                de = GetDirectoryObject();
                ds = new DirectorySearcher(de);
                string queryFilter = string.Format("(&(objectCategory=user)(sAMAccountName={0}))", name);
                ds.Filter = queryFilter;
                SearchResult sr = ds.FindOne();
                if (sr != null)
                {
                    userEntry = sr.GetDirectoryEntry();
                }
                return userEntry;
            }
            catch (Exception ex)
            {
                return new DirectoryEntry();
            }
            finally
            {
                if (ds != null)
                {
                    ds.Dispose();
                }
                if (de != null)
                {
                    de.Dispose();
                }
            }
        }
       
        public static string CheckExist(string Account, string Pwd)
        {
            try
            {
                DirectoryEntry de = new DirectoryEntry(ADPath, Account, Pwd, AuthenticationTypes.ServerBind);
                DirectorySearcher deSearch = new DirectorySearcher(de);
                deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + Account + "))";
                deSearch.SearchScope = SearchScope.Subtree;
                SearchResult result = deSearch.FindOne();
                return "sucess";
            }
            catch (Exception ex)
            {
                return "error:" + ex.Message;
            }
        }
        /// 
        /// 域名,比如:bokeyuan
        /// 
        public static string DomainName = ConfigurationManager.AppSettings["DefaultDomain"];
        /// 
        /// LDAP绑定路径,比如:LDAP://wodeblog.com
        /// 
        public static string ADPath = ConfigurationManager.AppSettings["ADConnString"];
        /// 
        /// 登录帐号,比如:TestUser
        /// 
        public static string ADUser = ConfigurationManager.AppSettings["DefaultAdminUser"];
        /// 
        /// 登录密码,比如:123456
        /// 
        public static string ADPassword = ConfigurationManager.AppSettings["AdminPassword"];

        /// 
        /// 扮演类实例
        /// 
        private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);

        /// 
        /// 用户登录验证结果
        /// 
        public enum LoginResult
        {
            /// 
            /// 正常登录
            /// 
            LOGIN_USER_OK = 0,
            /// 
            /// 用户不存在
            /// 
            LOGIN_USER_DOESNT_EXIST,
            /// 
            /// 用户帐号被禁用
            /// 
            LOGIN_USER_ACCOUNT_INACTIVE,
            /// 
            /// 用户密码不正确
            /// 
            LOGIN_USER_PASSWORD_INCORRECT
        }

        /// 
        /// 用户属性定义标志
        /// 
        public enum ADS_USER_FLAG_ENUM
        {
            /// 
            /// 登录脚本标志。如果通过 ADSI LDAP 进行读或写操作时,该标志失效。如果通过 ADSI WINNT,该标志为只读。
            /// 
            ADS_UF_SCRIPT = 0X0001,
            /// 
            /// 用户帐号禁用标志
            /// 
            ADS_UF_ACCOUNTDISABLE = 0X0002,
            /// 
            /// 主文件夹标志
            /// 
            ADS_UF_HOMEDIR_REQUIRED = 0X0008,
            /// 
            /// 过期标志
            /// 
            ADS_UF_LOCKOUT = 0X0010,
            /// 
            /// 用户密码不是必须的
            /// 
            ADS_UF_PASSWD_NOTREQD = 0X0020,
            /// 
            /// 密码不能更改标志
            /// 
            ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
            /// 
            /// 使用可逆的加密保存密码
            /// 
            ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
            /// 
            /// 本地帐号标志
            /// 
            ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
            /// 
            /// 普通用户的默认帐号类型
            /// 
            ADS_UF_NORMAL_ACCOUNT = 0X0200,
            /// 
            /// 跨域的信任帐号标志
            /// 
            ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
            /// 
            /// 工作站信任帐号标志
            /// 
            ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
            /// 
            /// 服务器信任帐号标志
            /// 
            ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
            /// 
            /// 密码永不过期标志
            /// 
            ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
            /// 
            /// MNS 帐号标志
            /// 
            ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
            /// 
            /// 交互式登录必须使用智能卡
            /// 
            ADS_UF_SMARTCARD_REQUIRED = 0X40000,
            /// 
            /// 当设置该标志时,服务帐号(用户或计算机帐号)将通过 Kerberos 委托信任
            /// 
            ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
            /// 
            /// 当设置该标志时,即使服务帐号是通过 Kerberos 委托信任的,敏感帐号不能被委托
            /// 
            ADS_UF_NOT_DELEGATED = 0X100000,
            /// 
            /// 此帐号需要 DES 加密类型
            /// 
            ADS_UF_USE_DES_KEY_ONLY = 0X200000,
            /// 
            /// 不要进行 Kerberos 预身份验证
            /// 
            ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
            /// 
            /// 用户密码过期标志
            /// 
            ADS_UF_PASSWORD_EXPIRED = 0X800000,
            /// 
            /// 用户帐号可委托标志
            /// 
            ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
        }

        public ADHelper()
        {
            //
        }

        #region GetDirectoryObject

        /// 
        /// 获得DirectoryEntry对象实例,以管理员登陆AD
        /// 
        /// 
        public static DirectoryEntry GetDirectoryObject()
        {

            DirectoryEntry entry = new DirectoryEntry("LDAP://域名", "用户名", "密码", AuthenticationTypes.ServerBind);
            return entry;
        }



        /// 
        /// 根据指定用户名和密码获得相应DirectoryEntry实体
        /// 
        public static DirectoryEntry GetDirectoryObject(string userName, string password)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
            return entry;
        }

        /// 
        /// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
        /// 
        public static DirectoryEntry GetDirectoryObject(string domainReference)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure);
            return entry;
        }

        /// 
        /// 获得以UserName,Password创建的DirectoryEntry
        /// 
        public static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure);
            return entry;
        }

        #endregion

        #region GetDirectoryEntry

        /// 
        /// 根据用户公共名称取得用户的 对象
        /// 
        /// 用户公共名称
        /// 如果找到该用户,则返回用户的 对象;否则返回 null
        public static DirectoryEntry GetDirectoryEntry(string commonName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch (Exception ex)
            {
                return null;
            }
        }

        /// 
        /// 根据用户公共名称和密码取得用户的 对象。
        /// 
        /// 用户公共名称
        /// 用户密码
        /// 如果找到该用户,则返回用户的 对象;否则返回 null
        public static DirectoryEntry GetDirectoryEntry(string sAMAccountName, string password, string commonName)
        {

            DirectoryEntry de = GetDirectoryObject(DomainName + "\\" + sAMAccountName, password);
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch (Exception ex)
            {
                return null;
            }
        }

        /// 
        /// 根据用户帐号称取得用户的 对象
        /// 
        /// 用户帐号名
        /// 如果找到该用户,则返回用户的 对象;否则返回 null
        public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
        {

            DirectoryEntry de = new DirectoryEntry("LDAP://域认证地址", "用户名", "密码", AuthenticationTypes.ServerBind);
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
            deSearch.SearchScope = SearchScope.Subtree;
            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch (Exception ex)
            {
                return null;
            }
        }

        /// 
        /// 根据用户帐号和密码取得用户的 对象
        /// 
        /// 用户帐号名
        /// 用户密码
        /// 如果找到该用户,则返回用户的 对象;否则返回 null
        public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
        {
            //DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
            DirectoryEntry de = FindObject(sAMAccountName);
            if (de != null)
            {
                string commonName = de.Properties["cn"][0].ToString();

                var entry = GetDirectoryEntry(sAMAccountName, password, commonName);

                if (entry != null)
                    return entry;
                else
                    return null;
            }
            else
            {
                return null;
            }
        }

        /// 
        /// 根据组名取得用户组的 对象
        /// 
        /// 组名
        /// 
        public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch
            {
                return null;
            }
        }

        #endregion

        #region Get and Set Property

        /// 
        /// 获得指定 指定属性名对应的值
        /// 
        /// 
        /// 属性名称
        /// 属性值
        public static object GetProperty(DirectoryEntry de, string propertyName)
        {
            if (de.Properties.Contains(propertyName))
            {
                return de.Properties[propertyName][0];
            }
            else
            {
                return "";
            }
        }

        /// 
        /// 获得指定搜索结果 中指定属性名对应的值
        /// 
        /// 
        /// 属性名称
        /// 属性值
        public static object GetProperty(SearchResult searchResult, string propertyName)
        {
            if (searchResult.Properties.Contains(propertyName))
            {
                return searchResult.Properties[propertyName][0];
            }
            else
            {
                return "";
            }
        }

        /// 
        /// 设置指定 的属性值
        /// 
        /// 
        /// 属性名称
        /// 属性值
        public void SetProperty(DirectoryEntry entry, string propertyName, string propertyValue)
        {
            if (entry.Properties.Contains(propertyName))
            {
                if (string.IsNullOrEmpty(propertyValue))
                {
                    object o = entry.Properties[propertyName].Value;
                    entry.Properties[propertyName].Remove(o);
                }
                else
                {
                    entry.Properties[propertyName][0] = propertyValue;
                }
            }
            else
            {
                if (string.IsNullOrEmpty(propertyValue))
                {
                    return;
                }
                entry.Properties[propertyName].Add(propertyValue);
            }

        }


        #endregion


        #region Management

        /// 
        /// 创建新的用户
        /// 
        /// DN 位置。例如:OU=共享平台 或 CN=Users
        /// 公共名称
        /// 帐号
        /// 密码
        /// 
        public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password)
        {
            DirectoryEntry entry = GetDirectoryObject();
            DirectoryEntry subEntry = entry.Children.Find(ldapDN);
            DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
            deUser.Properties["sAMAccountName"].Value = sAMAccountName;
            deUser.CommitChanges();
            ADHelper.SetPassword(commonName, password);
            ADHelper.EnableUser(commonName);
            deUser.Close();
            return deUser;
        }

        /// 
        /// 创建新的用户。默认创建在 Users 单元下。
        /// 
        /// 公共名称
        /// 帐号
        /// 密码
        /// 
        public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password)
        {
            return CreateNewUser("CN=Users", commonName, sAMAccountName, password);
        }

        /// 
        /// 判断指定公共名称的用户是否存在
        /// 
        /// 用户公共名称
        /// 如果存在,返回 true;否则返回 false
        public static bool IsUserExists(string commonName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";        // LDAP 查询串
            SearchResultCollection results = deSearch.FindAll();

            if (results.Count == 0)
                return false;
            else
                return true;
        }

        /// 
        /// 判断用户帐号是否激活
        /// 
        /// 用户帐号属性控制器
        /// 如果用户帐号已经激活,返回 true;否则返回 false
        public static bool IsAccountActive(int userAccountControl)
        {
            int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
            int flagExists = userAccountControl & userAccountControl_Disabled;

            if (flagExists > 0)
                return false;
            else
                return true;
        }

        /// 
        /// 判断用户与密码是否足够以满足身份验证进而登录
        /// 
        /// 用户公共名称
        /// 密码
        /// 如能可正常登录,则返回 true;否则返回 false
        public static LoginResult Login(string commonName, string password)
        {
            DirectoryEntry de = GetDirectoryEntry(commonName);

            if (de != null)
            {
                // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                string sAMAccountName = de.Properties["sAMAccountName"].ToString();
                de.Close();
                if (GetDirectoryEntry(sAMAccountName, password, commonName) != null)
                    return LoginResult.LOGIN_USER_OK;
                else
                    return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
            }
            else
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
        }

        /// 
        /// 判断用户帐号与密码是否足够以满足身份验证进而登录
        /// 
        /// 用户帐号(不包含域名)
        /// 密码
        /// 如能可正常登录,则返回 true;否则返回 false
        public static LoginResult LoginByAccount(string sAMAccountName, string password)
        {
            ADHelper.DomainName = sAMAccountName.Split('\\')[0];

            if (sAMAccountName.IndexOf('\\') > -1)
            {
                sAMAccountName = sAMAccountName.Split('\\')[1].Trim('\\');
            }
            DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName); //判断该用户是否存在
            if (de != null)
            {
                // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                de.Close();
                if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
                    return LoginResult.LOGIN_USER_OK;
                else
                    return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
            }
            else
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
        }

        /// 
        /// 设置用户密码,管理员可以通过它来修改指定用户的密码。
        /// 
        /// 用户公共名称
        /// 用户新密码
        public static void SetPassword(string commonName, string newPassword)
        {
            DirectoryEntry de = GetDirectoryEntry(commonName);

            // 模拟超级管理员,以达到有权限修改用户密码
            impersonate.BeginImpersonate();
            de.Invoke("SetPassword", new object[] { newPassword });
            impersonate.StopImpersonate();

            de.Close();
        }
        /// 
        /// 修改用户密码
        /// 
        /// 用户公共名称
        /// 旧密码
        /// 新密码
        public static void ChangeUserPassword(string commonName, string oldPassword, string newPassword)
        {
            // to-do: 需要解决密码策略问题
            DirectoryEntry oUser = GetDirectoryEntry(commonName);
            oUser.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
            oUser.Close();
        }

        /// 
        /// 启用指定公共名称的用户
        /// 
        /// 用户公共名称
        public static void EnableUser(string commonName)
        {
            EnableUser(GetDirectoryEntry(commonName));
        }

        /// 
        /// 启用指定 的用户
        /// 
        /// 
        public static void EnableUser(DirectoryEntry de)
        {
            impersonate.BeginImpersonate();
            de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
            de.CommitChanges();
            impersonate.StopImpersonate();
            de.Close();
        }

        /// 
        /// 禁用指定公共名称的用户
        /// 
        /// 用户公共名称
        public static void DisableUser(string commonName)
        {
            DisableUser(GetDirectoryEntry(commonName));
        }

        /// 
        /// 禁用指定 的用户
        /// 
        /// 
        public static void DisableUser(DirectoryEntry de)
        {
            impersonate.BeginImpersonate();
            de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
            de.CommitChanges();
            impersonate.StopImpersonate();
            de.Close();
        }

        /// 
        /// 将指定的用户添加到指定的组中。默认为 Users 下的组和用户。
        /// 
        /// 用户公共名称
        /// 组名
        public static void AddUserToGroup(string userCommonName, string groupName)
        {
            DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
            DirectoryEntry oUser = GetDirectoryEntry(userCommonName);

            impersonate.BeginImpersonate();
            oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
            oGroup.CommitChanges();
            impersonate.StopImpersonate();

            oGroup.Close();
            oUser.Close();
        }

        /// 
        /// 将用户从指定组中移除。默认为 Users 下的组和用户。
        /// 
        /// 用户公共名称
        /// 组名
        public static void RemoveUserFromGroup(string userCommonName, string groupName)
        {
            DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
            DirectoryEntry oUser = GetDirectoryEntry(userCommonName);

            impersonate.BeginImpersonate();
            oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
            oGroup.CommitChanges();
            impersonate.StopImpersonate();

            oGroup.Close();
            oUser.Close();
        }

        #endregion Management

        #region Client

        private static DirectoryEntry InitEntry(string condition)
        {
            DirectoryEntry entry = null;
            DirectorySearcher searcher = new DirectorySearcher(condition);

            if (ADHelper.ADUser != "")
            {
                searcher.SearchRoot.Username = ADHelper.ADUser;
                searcher.SearchRoot.Password = ADHelper.ADPassword;
            }
            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return null;
            }
            if (ADHelper.ADUser != "")
            {
                entry = new DirectoryEntry(result.Path, ADHelper.ADUser, ADHelper.ADPassword);
            }
            else
            {
                entry = new DirectoryEntry(result.Path);
            }
            entry.RefreshCache();
            return entry;
        }


        public static string ExtractUserName(string userName)
        {
            int index = userName.IndexOf(@"\");
            string str = userName;
            if (index != -1)
            {
                str = userName.Substring(index + 1, (userName.Length - index) - 1);
            }
            else
            {
                index = userName.IndexOf("@");
                if (index != -1)
                {
                    str = userName.Substring(index + 1, (userName.Length - index) - 1);
                }
            }
            return str;
        }

        public static string[] GetMembersOfGroup(string groupName)
        {
            DirectoryEntry entry = InitEntry("(&(objectClass=group)(cn=" + groupName + "))");
            DirectoryEntry entry2 = new DirectoryEntry();
            string[] strArray = new string[entry.Properties["member"].Count];
            for (int i = 0; i < strArray.Length; i++)
            {
                entry2 = new DirectoryEntry("LDAP://" + entry.Properties["member"][i]);
                strArray[i] = entry2.Properties["sAMAccountName"].Value.ToString();
            }
            return strArray;
        }

        public static string GetDisplayName(string userName)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + ExtractUserName(userName) + "))");
            if (entry == null)
            {
                throw new Exception("Could not found the badge number: " + userName);
            }
            string str = "";
            if (entry.Properties.Contains("displayName"))
            {
                str = str + entry.Properties["displayName"].Value.ToString();
            }
            return str;
        }

        public static string GetUserMail(string userName)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + ExtractUserName(userName) + "))");
            if (entry == null)
            {
                throw new Exception("Could not found the badge number: " + userName);
            }
            object obj = ADHelper.GetProperty(entry, "mail");
            return (obj == null) ? "" : obj.ToString();
        }

        public static string GetUserEnglishName(string userName)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + ExtractUserName(userName) + "))");
            if (entry == null)
            {
                throw new Exception("Could not found the badge number: " + userName);
            }
            string str = "";
            if (entry.Properties.Contains("givenName"))
            {
                str = str + entry.Properties["givenName"].Value.ToString();
            }
            if (entry.Properties.Contains("sn"))
            {
                str = str + " " + entry.Properties["sn"].Value.ToString();
            }
            return str;
        }

        public static string[] GetGroupsOfUser(string userName)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + ExtractUserName(userName) + "))");
            if (entry == null)
            {
                return null;
            }
            DirectoryEntry entry2 = new DirectoryEntry();
            string[] strArray = new string[entry.Properties["memberOf"].Count];
            for (int i = 0; i < strArray.Length; i++)
            {
                entry2 = new DirectoryEntry("LDAP://" + entry.Properties["memberOf"][i]);
                strArray[i] = entry2.Properties["name"].Value.ToString();
            }
            return strArray;
        }

        public static string GetUserAccountByEmail(string email)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(mail=" + ExtractUserName(email) + "))");
            if (entry == null)
            {
                throw new Exception("Could not find the email:" + email);
            }
            return entry.Properties["sAMAccountName"].Value.ToString();
        }

        public static string GetUserAccountByEmailORAccount(string emailOrAccount)
        {
            if (IsAccount(emailOrAccount))
            {
                return emailOrAccount;
            }
            return GetUserAccountByEmail(emailOrAccount);
        }

        public static string GetUserNameByEmail(string email)
        {
            DirectoryEntry entry = InitEntry("(&(&(objectCategory=person)(objectClass=user))(mail=" + ExtractUserName(email) + "))");
            if (entry == null)
            {
                throw new Exception("Could not found the email: " + email);
            }
            return DomainName + "\\" + entry.Properties["sAMAccountName"].Value.ToString();
        }

        public static bool IsAccount(string rawAccount)
        {
            if (InitEntry("(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + ExtractUserName(rawAccount) + "))") == null)
            {
                return false;
            }
            return true;
        }

        #endregion Client

    }
    /// 
    /// 用户模拟角色类。实现在程序段内进行用户角色模拟。
    /// 
    public class IdentityImpersonation
    {
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        // 要模拟的用户的用户名、密码、域(机器名)
        private String _sImperUsername;
        private String _sImperPassword;
        private String _sImperDomain;
        // 记录模拟上下文
        private WindowsImpersonationContext _imperContext;
        private IntPtr _adminToken;
        private IntPtr _dupeToken;
        // 是否已停止模拟
        private Boolean _bClosed;

        private WindowsIdentity fakeId;
        public WindowsIdentity Identity
        {
            get
            {
                return this.fakeId;
            }
        }

        /// 
        /// 构造函数
        /// 
        /// 所要模拟的用户的用户名
        /// 所要模拟的用户的密码
        /// 所要模拟的用户所在的域
        public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
        {
            _sImperUsername = impersonationUsername;
            _sImperPassword = impersonationPassword;
            _sImperDomain = impersonationDomain;

            _adminToken = IntPtr.Zero;
            _dupeToken = IntPtr.Zero;
            _bClosed = true;
        }

        /// 
        /// 析构函数
        /// 
        ~IdentityImpersonation()
        {
            if (!_bClosed)
            {
                StopImpersonate();
            }
        }

        /// 
        /// 开始身份角色模拟。
        /// 
        /// 
        public Boolean BeginImpersonate()
        {
            Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken);
            if (!bLogined)
            {
                return false;
            }
            Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken);
            if (!bDuped)
            {
                return false;
            }
            fakeId = new WindowsIdentity(_dupeToken);
            _imperContext = fakeId.Impersonate();
            _bClosed = false;
            return true;
        }

        /// 
        /// 开始身份角色模拟。
        /// 
        /// 
        public Boolean BeginImpersonate(string type)
        {
            Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken);
            if (!bLogined)
            {
                return false;
            }
            fakeId = new WindowsIdentity(_adminToken, type, WindowsAccountType.Normal, true);
            _imperContext = fakeId.Impersonate();
            _bClosed = false;
            return true;
        }
        /// 
        /// 停止身分角色模拟。
        /// 
        public void StopImpersonate()
        {
            _imperContext.Undo();
            CloseHandle(_dupeToken);
            CloseHandle(_adminToken);
            _bClosed = true;
        }
    }

 

转载于:https://www.cnblogs.com/652769324qq/p/11454627.html

weixin_30883271
关注
ASP.NET MVC5 C# Entity Framework 连接 Oracle 数据库
idjiang的博客
09-13 2317
ASP.NET MVC5 C# Entity Framework 连接 Oracle 数据库创建数据库安装 Entity Framework配置数据库连接字符串添加实体模型类添加数据库上下文类添加控制器类运行测试 创建数据库 创建【全局数据库名】为 demodb 的Oracle数据库,用 SYSTEM 用户连接成功后创建【用户名】为 DJIANG 的用户,并授予该用户 DBA 角色 安装 Enti...
Asp.Net(C#)AD验证WebService
04-26
Asp.Net(C#)AD验证WebService 解决方案里面提供两个方法,调用非常简单,方法三个参数:服务地址+端口、用户名、密码;如果服务器固定可以直接就爱那个第一个参数配置在Web.config中。
ASP.NET集成AD身份验证
weixin_34168700的博客
12-26 627
预期效果 如果使用用户登录操作系统,然后访问网站,无须登录,直接进入网站。 如果使用非用户登录操作系统,然后访问网站,弹出登录页面。 解决方案 ASP.NET项目 使用三个页面来模拟这个过程:Default.aspx、Index.aspx、Login.aspx Default.aspx.cs中的代码: protected void Page_Load(object s...
asp.net 使用AD进行身份进行验证
weixin_34392435的博客
04-01 202
//在登录界面增加一个AD验证方法 private static DirectoryEntry GetDirectoryObject(string userName,string userPwd) { DirectoryEntry entry = null; try { entry = ...
ASP.NET站点Windows身份验证集成AD,非LDAP
weixin_34245749的博客
03-19 389
站点集成AD验证 服务器机器入 计算机右键属性-->“更改设置”-->“更改”-->填写所属,确认后重启机器生效。 部署测试站点,localhost、ip、名三种方式登录效果 站点部署至IIS,config配置文件<authentication mode="Windows" />,站点关闭Forms、匿名身份验证。登出需要...
.NET中通过验证用户名和密码
weixin_34376986的博客
05-04 407
类代码: using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web....
asp.net mvc 5开发相关例子程序的打包
03-18
6. **身份认证与授权**:ASP.NET MVC 5集成了OWIN(开放Web接口 for .NET)和Katana项目,提供了一套完整的身份验证和授权机制,支持多种身份验证方案,如OAuth2、OpenID Connect等。 7. **Entity Framework**:...
Mvc5:ASP.NET MVC5源代码-mvc source code
03-24
6. **身份认证与授权**:ASP.NET MVC5集成ASP.NET Identity系统,用于处理用户身份验证和授权。它可以与多种存储提供者(如SQL Server、Azure AD或OAuth服务集成,提供安全的身份管理。 7. **AJAX支持**:ASP...
asp.net mvc chart(MVC 使用chart图表控件的示例)
08-02
ASP.NET MVC 是一个强大的框架,用于构建动态、数据驱动的Web应用程序。在ASP.NET MVC中,我们可以使用Chart控件来创建各种类型的图表,包括折线图、柱状图、饼图等,以便于数据可视化。这个示例将深入探讨如何在MVC...
毕业设计:基于Asp.net core mvc框架使用的AD管理系统.zip
最新发布
10-11
通过这个AD管理系统,学生将有机会深入理解Asp.net core MVC的架构,学习如何实现用户认证和角色管理,以及如何与Active Directory进行集成,从而管理用户账户和权限。这不仅可以提升他们的编程技能,也有助于理解...
asp.net 实现用户的验证
10-28
asp.net 实现用户的验证 源码简单易懂,使用的是Visual studio 2008
ASP使用AD验证
weixin_33943836的博客
07-05 270
需要写一个订单管理系统,企业环境通过AD认证比较方便,网上查询并实验了以下方法成功1. 函数功能:查询用户信息<%'''参数说明:strAdmin-管理账户;Password-帐户密码;Domain-服务器。''''''参考资料:http://www.experts-exchange.com/Web_Development/Web_Languages-S...
asp.net验证ad用户的方法
baidu_24954651的专栏
01-19 503
1.要使用DirectoryEntry 必须首先添加引用System.DirectoryServices 2.DirectoryEntry 类可封装 Active Directory 服务层次结构中的节点或对象。 使用此类绑定到对象、读取属性和更新特性。 3.DirectoryEntry 与帮助器类一起为生存期管理和导航方法提供支持,包括创建、删除、重命名、移动子节点和枚举子级。 4
asp.net权限认证认证
正在注销账号的博客
12-21 623
1.web.config配置文件 &lt;configuration&gt;   &lt;system.web&gt;     &lt;authentication mode="Windows" /&gt;   &lt;/system.web&gt; &lt;/configuration&gt; 2.IIS身份认证中关闭其他认证,只保留“Windows身份认证”  3.设置显示...
如何为.NET MVC添加Azure AD验证
窗外有青山
06-03 985
登陆Azure,添加对应AD,记录下AD名。 AD下有默认的Azure帐户,为MVC程序添加AD用户新建MVC程序选择AD认证输入AD名确定时需验证Azure帐户。此时必须先在Azure主页注销,并保证机器上没有登陆其他Azure账户,否则会导致验证失败。确认后启动MVC程序,会自动跳转到Azure AD的身份验证。用刚创建的AD用户可登陆 P.S 虽然此时网站自动变为https协议,默认
.net中用户帐号进行验证
Vincent.woo(文子)
09-27 1624
http://www.cnblogs.com/flier/archive/2005/04/27/55266.html
ad管理与维护_详解Windows Server 2016如何搭建AD服务器(图文教程)
热门推荐
weixin_39915267的博客
11-24 1万+
概述今天主要分享怎么在Windows Server 2016服务器上去搭建AD服务器,先介绍下相关概念。相关概念1、AD 服务什么是目录(directory)呢?日常生活中使用的电话薄内记录着亲朋好友的姓名、电话与地址等数据,它就是 telephone directory(电话目录);计算机中的文件系统(file system)内记录着文件的文件名、大小与日期等数据,它就是 file direc...
集成AD,前端实现免登录
隐0士的博客
06-18 8082
转载自添加链接描述 javaweb应用程序与AD身份认证 首先,要做统一身份认证,也就是说,要java应用程序去ad验证这个人的用户名密码是否存在于ad,这个比较简单,只有一个坑,直接上代码吧。 private final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory"; private final String URL = "ldap://127.0.0.1:389/"; public boolean validateUP(String use
MVC中使用用户名和密码登录系统
easyboot的专栏
03-30 3110
login.cshtml@{ Layout = null; } &lt;!DOCTYPE html&gt; &lt;html&gt; &lt;head&gt; &lt;meta name="viewport" content="width=device-width" /&gt; &lt;title&gt;&lt;/title&gt; &a
ASP.NET MVC应用安全:认证与授权详解
ASP.NET MVC中,有两种主要的认证方式:Forms认证和Windows认证。 - Forms认证:这是最常用的认证方式,通常涉及用户输入用户名和密码的登录表单。ASP.NET MVC提供了内置支持,允许自定义验证逻辑和用户信息存储...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值