c# - tutorial - authentld asp.net mvc 5アプリケーションからadldsインスタンス



mvc c# asp net tutorial (1)

こんにちは私は、LDAP(Windowsの8.1マシンにインストールされているAD LDS)フォームmvc 5アプリケーションに認証を統合したい。
私はweb.configまたは私のC#コードで何かが欠落している場合は間違っているが、私は正常にldp.exeとADSIエディタからここに示されているように管理者権限を持つユーザー=管理者として接続されているかわからない

私のウェブ設定では、私はそれらの行を追加:

<connectionStrings>
<add name="ADWEB"     connectionString="LDAP://M0I:389/CN=Users,CN=Elise,DC=App,DC=com" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
    cookieless="UseCookies" domain=""
    enableCrossAppRedirects="false" >
    <credentials passwordFormat="SHA1" />
  </forms>
 </authentication>
 <authorization>
 <deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
  <clear />

  <add name="MyDSProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,
       System.Web, Version=2.0.0.0, Culture=neutral,
       PublicKeyToken=b03f5f7f11d50a3a" applicationName="LDAP" 
       connectionStringName="ADWEB"
       connectionUsername="CN=Admin,CN=Users,CN=Elise,DC=App,DC=com"
       connectionPassword="Azerty*123" 
       connectionProtection="None" enableSearchMethods="True" />
</providers>
</membership>

<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>

私のログイン方法は、(txtDomainName = App.com、txtUserName = Admin、txtPassword = Azerty * 123)渡していることに注意してください。

        [AllowAnonymous]
    [HttpGet]

    public ActionResult Login ()
    {
        return View();
    }

    [AllowAnonymous]
    [HttpPost]
    public ActionResult Login(string txtDomainName, string txtUserName, string txtPassword)
    {
        // Path to you LDAP directory server.
        // Contact your network administrator to obtain a valid path.
        string adPath = "LDAP://M0I:389/CN=Elise,DC=App,DC=com";
        LDAP.LdapAuthentication adAuth = new LDAP.LdapAuthentication(adPath);

        string error;
        try
        {
            if (true == adAuth.IsAuthenticated(txtDomainName,
                                              txtUserName,
                                              txtPassword))
            {
                // Retrieve the user's groups
                string groups = adAuth.GetGroups();
                // Create the authetication ticket
                FormsAuthenticationTicket authTicket =
                    new FormsAuthenticationTicket(1,  // version
                                                  txtUserName,
                                                  DateTime.Now,
                                                  DateTime.Now.AddMinutes(60),
                                                  false, groups);
                // Now encrypt the ticket.
                string encryptedTicket =
                  FormsAuthentication.Encrypt(authTicket);
                // Create a cookie and add the encrypted ticket to the
                // cookie as data.
                HttpCookie authCookie =
                             new HttpCookie(FormsAuthentication.FormsCookieName,
                                            encryptedTicket);
                // Add the cookie to the outgoing cookies collection.
                Response.Cookies.Add(authCookie);

                // Redirect the user to the originally requested page
                Response.Redirect(
                          FormsAuthentication.GetRedirectUrl(txtUserName,
                                                             false));
            }
            else
            {
                error =
                     "Authentication failed, check username and password.";

            }
        }
        catch (Exception ex)
        {
            error = "Error authenticating. " + ex.Message;

        }

        return RedirectToAction("Index","Home");
    }

彼女は私のログインアクションで使用しているLdapAuthentificationクラスです

using System.Text;
using System.Collections;
using System.DirectoryServices;
using System;

namespace LDAP.LDAP
{
class LdapAuthentication

{
    private string _path;
    private string _filterAttribute;
    public LdapAuthentication(string path)
    {
        _path = path;
    }

    public bool IsAuthenticated(string domain, string username, string pwd)
    {
        string domainAndUsername = domain + @"\" + username;
        DirectoryEntry entry = new DirectoryEntry(_path,
                                                   domainAndUsername,
                                                     pwd);

        try
        {
            // Bind to the native AdsObject to force authentication.
            Object obj = entry.NativeObject;
            DirectorySearcher search = new DirectorySearcher(entry);
            search.Filter = "(SAMAccountName=" + username + ")";
            search.PropertiesToLoad.Add("cn");
            SearchResult result = search.FindOne();
            if (null == result)
            {
                return false;
            }
            // Update the new path to the user in the directory
            _path = result.Path;
            _filterAttribute = (String)result.Properties["cn"][0];
        }
        catch (Exception ex)
        {
            throw new Exception("Error authenticating user. " + ex.Message);
        }
        return true;
    }


    public string GetGroups()
    {
        DirectorySearcher search = new DirectorySearcher(_path);
        search.Filter = "(cn=" + _filterAttribute + ")";
        search.PropertiesToLoad.Add("memberOf");
        StringBuilder groupNames = new StringBuilder();
        try
        {
            SearchResult result = search.FindOne();
            int propertyCount = result.Properties["memberOf"].Count;
            String dn;
            int equalsIndex, commaIndex;

            for (int propertyCounter = 0; propertyCounter < propertyCount;
                 propertyCounter++)
            {
                dn = (String)result.Properties["memberOf"][propertyCounter];

                equalsIndex = dn.IndexOf("=", 1);
                commaIndex = dn.IndexOf(",", 1);
                if (-1 == equalsIndex)
                {
                    return null;
                }
                groupNames.Append(dn.Substring((equalsIndex + 1),
                                  (commaIndex - equalsIndex) - 1));
                groupNames.Append("|");
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error obtaining group names. " +
              ex.Message);
        }
        return groupNames.ToString();
    }

}
}

注意しなければならないのは、その行の無効なユーザー名またはパスワードです。

Object obj = entry.NativeObject;

$exception  {"Le nom d’utilisateur ou le mot de passe est incorrect.\r\n"}      System.Exception {System.DirectoryServices.DirectoryServicesCOMException}

最後に、web.configの接続文字列を設定せずに、自分のAD LDSインスタンスに接続しました。次のコードは、AD LDSを使用してユーザーを認証する方法を示しています

<authentication mode="Forms">
 <forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
    cookieless="UseCookies" domain=""
    enableCrossAppRedirects="false" >
    <credentials passwordFormat="SHA1" />
  </forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

私はこれに私のログインアクションを変更しました:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
if (Request.IsAuthenticated)
{
 return RedirectToAction("Index", "Home");
}
ViewBag.ReturnUrl = returnUrl;

return View();
}

ログインメソッド:

[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
 public ActionResult Login(string txtUserName, string txtPassword, string returnUrl)
      {

          string error;
          try
          {
              PrincipalContext context = new PrincipalContext(ContextType.ApplicationDirectory, "M0I:389", "CN=Elise,DC=App,DC=com", ContextOptions.Negotiate);



              bool auth = context.ValidateCredentials(
                              String.Format("CN={0},CN=Users,CN=Elise,DC=App,DC=com",
                                            txtUserName),
                              txtPassword,
                              ContextOptions.SimpleBind);
//get all users groups
              UserPrincipal user = UserPrincipal.FindByIdentity(context, txtUserName);
              if (user != null)
              {
                  PrincipalSearchResult<Principal> authgroups = user.GetAuthorizationGroups();
                  // do your checking with the auth groups that the user has - against your list 
                  foreach (var item in authgroups)
                  {
                      string x = item.Name;
                  }
              }

              if (true == auth)
              {

                  // Create the authetication ticket
                  FormsAuthenticationTicket authTicket =
                      new FormsAuthenticationTicket(1,  // version
                                                    txtUserName,
                                                    DateTime.Now,
                                                    DateTime.Now.AddMinutes(60),
                                                    false, "Administrators");
                  // Now encrypt the ticket.
                  string encryptedTicket =
                    FormsAuthentication.Encrypt(authTicket);
                  // Create a cookie and add the encrypted ticket to the
                  // cookie as data.
                  HttpCookie authCookie =
                               new HttpCookie(FormsAuthentication.FormsCookieName,
                                              encryptedTicket);
                  // Add the cookie to the outgoing cookies collection.
                  Response.Cookies.Add(authCookie);

                  if (!string.IsNullOrEmpty(returnUrl))
                  {
                      return Redirect(returnUrl);
                  }
                  else
                  {
                      Response.Redirect(
                                FormsAuthentication.GetRedirectUrl(txtUserName,false));
                  }
              }
              else
              {
                  error =
                       "Authentication failed, check username and password.";
                  ModelState.AddModelError(string.Empty, error);
                  ViewBag.ReturnUrl = returnUrl;

              }
          }
          catch (Exception ex)
          {
              error = "Error authenticating. " + ex.Message;
              ModelState.AddModelError(string.Empty, error);
              ViewBag.ReturnUrl = returnUrl;

          }

          return Redirect(returnUrl);
      }

私の唯一の問題は、現在のユーザーがUser.IsInRoleを使用してビュー上の特定のグループのメンバーであるかどうかを確認できないことです。

@ User.Identity.IsAuthenticatedがtrueを返す

@ User.IsInRole( "Administrators")がfalseを返す





ldap