在MVC中检索用户数据的Active Directory身份验证

Question

在我的MVC5应用程序中，我通过检查用户是否存在或不在Active Directory中来应用以下方法。现在，我想用另一种方法这样的：我送username和password到active directory如果用户在它的存在，它应该返回一些active directory信息，即用户的Name，Surname，Department。那么，如何在Controller和web.config中定义这种认证？

的web.config：

<configuration> 
    <system.web> 
    <httpCookies httpOnlyCookies="true" /> 
    <authentication mode="Forms"> 
     <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" /> 
    </authentication> 
    <membership defaultProvider="ADMembershipProvider"> 
     <providers> 
     <clear /> 
     <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="myadmin@company" connectionPassword="MyPassword" /> 
     </providers> 
    </membership> 
    </system.web> 
    <connectionStrings> 
    <!-- for LDAP --> 
    <add name="ADConnectionString" connectionString="LDAP://adadfaf.my.company:111/DC=my,DC=company" /> 
    </connectionStrings> 
</configuration> 

控制器：

[AllowAnonymous] 
[ValidateAntiForgeryToken] 
[HttpPost] 
public ActionResult Login(User model, string returnUrl) 
{ 
    if (!this.ModelState.IsValid) 
    { 
     return this.View(model); 
    }  

    //At here I need to retrieve some user data from Active Directory instead of hust a boolean result 
    if (Membership.ValidateUser(model.UserName, model.Password)) 
    { 
     //On the other hand I am not sure if this cookie lines are enough or not. Should I add some additional lines? 
     FormsAuthentication.SetAuthCookie(model.UserName, false); 
     if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") 
      && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) 
     { 
      return this.Redirect(returnUrl); 
     } 
     return this.RedirectToAction("Index", "Issue"); 
    } 

    TempData["message"] = "The user name or password provided is incorrect."; 
    return this.View(model); 
} 

Answer 1

我所做的是创建一个类 “会话用户”，其控股的用户名，其中，LoginName并能够验证用户凭证。

在这个类，你也得把/调用方法/属性获得部，姓和更多...

public class SesssionUser 
{ 
    [Key] 
    [Required] 
    public int UserId { get; set; } 
    [Required] 
    public string LoginName { get; set; } 
    [Required] 
    [DataType(DataType.Password)] 
    public string Password { get; set; } 


    private Boolean IsAuth{ get; set; } 
    public string Department 
    { 
     get { 
     return GetDepartment(); 
     } 
    } 

    private string GetDepartment() 
    { 
     if(!IsAuth) { return null; } 
     //Gets the department. 
    } 

    private bool Authenticate(string userName,string password, string domain) 
    { 
     bool authentic = false; 
     try 
     { 
      DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, 
      userName, password); 
      object nativeObject = entry.NativeObject; 
      authentic = true; 
     } 
      catch (DirectoryServicesCOMException) { } 
      return authentic; 
    } 

    /// <summary> 
    /// Validates the user in the AD 
    /// </summary> 
    /// <returns>true if the credentials are correct else false</returns> 
    public Boolean ValidateUser() 
    { 
     IsAuth = Authenticate(LoginName,Password,"<YourDomain>"); 
     return IsAuth; 
    } 
} 

下一步是创建一个控制器，在我的情况“的AccountController”其中包含用户的登录和注销。它使用FormsAuthentication来设置身份验证。饼干。

using System; 
using System.Globalization; 
using System.Linq; 
using System.Security.Claims; 
using System.Threading.Tasks; 
using System.Web; 
using System.Web.Mvc; 
using Microsoft.AspNet.Identity; 
using Microsoft.AspNet.Identity.Owin; 
using Microsoft.Owin.Security; 
using System.Web.Security; 

using MVCErrorLog.Models; 

//My class 
using Admin.ActiveDirectoryHelper.Objects; 

using MVCErrorLog.ViewModels; 

namespace MVCErrorLog.Controllers 
{ 

    public class AccountController : Controller 
    { 
     public ActionResult Login() 
     { 
      return View(); 
     } 

     [HttpPost] 
     [ValidateAntiForgeryToken] 
     public ActionResult Login(string username, string pw) 
     { 
      if (!ModelState.IsValid) { return RedirectToAction("Index", "Home"); } 

      var sessionUser = new SesssionUser(); 
      sessionUser.LoginName = username; 
      sessionUser.Password = pw; 
      sessionUser.UserId = 1; 

      if (!sessionUser.ValidateUser()) { return View("Login"); } 
      FormsAuthentication.SetAuthCookie(sessionUser.LoginName, true); 
      return RedirectToAction("Index", "ErrorLogs"); 
     } 

     public ActionResult LogOff() 
     { 
      FormsAuthentication.SignOut(); 

      return RedirectToAction("Index", "ErrorLogs"); 
     } 


     private SesssionUser SetupFormsAuthTicket(SesssionUser user, bool persistanceFlag) 
     { 
      var userData = user.UserId.ToString(CultureInfo.InvariantCulture); 
      var authTicket = new FormsAuthenticationTicket(1, //version 
           user.LoginName, // user name 
           DateTime.Now,    //creation 
           DateTime.Now.AddMinutes(30), //Expiration 
           persistanceFlag, //Persistent 
           userData); 

      var encTicket = FormsAuthentication.Encrypt(authTicket); 
      Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); 
      return user; 
     } 


     protected override void Dispose(bool disposing) 
     { 
      if (disposing) 
      { 

      } 

      base.Dispose(disposing); 
     } 
    } 
} 

最后一步是配置conf。文件以使用身份验证。模式窗体

<authentication mode="Forms"> 
    <forms loginUrl="~/Account/Login" timeout="1440" /> <!--1440min = 24hours--> 
</authentication> 

现在，你只需要调用登录在视图中，传递的参数，你是好。