vb.net Login authentication for asp.net using Active Directory

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/13423010/

Time: 2020-09-17 11:11:12  Source: igfitidea

Login authentication asp.net with active directory

asp.net vb.net authentication active-directory

Asked by jdrageme01

I have a project where I need to use Active Directory to log in to a website made in ASP.NET. I followed this tutorial:


Active Directory Authentication from ASP .NET


Now I want to get the groups of the user. I tried the next code in the default.aspx.vb page, but it doesn't work.


Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name))

    Dim id As FormsIdentity = CType(User.Identity, FormsIdentity)

    If id IsNot Nothing Then

        Dim ticket As FormsAuthenticationTicket = id.Ticket
        Response.Write("<p/>TicketName: " + ticket.Name)
        Response.Write("<br/>Cookie Path: " + ticket.CookiePath)
        Response.Write("<br/>Ticket Expiration: " + ticket.Expiration.ToString())
        Response.Write("<br/>Expired: " + ticket.Expired.ToString())
        Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString())
        Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString())
        Response.Write("<br/>UserData: " + ticket.UserData)
        Response.Write("<br/>Version: " + ticket.Version.ToString())
    End If
End Sub

Answered by jdrageme01

I found a better solution; it is easier than any answer that I found on the internet.


First I create a class to validate whether a user is in a group in Active Directory:


Imports System.Security.Principal

Public Class AutorizationFun
    Dim access As Boolean = False
    ' Windows identity the current thread is running as
    Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
    Public User As WindowsPrincipal = New WindowsPrincipal(id)

#Region "Groups Verification"

    'Belongs to sample group
    Private Function inSampleGroup() As Boolean
        Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP")
    End Function
    Private Function inSampleGroup2() As Boolean
        Return User.IsInRole("bth0\GG BTUC-SAMPLEGROUP2")
    End Function

#End Region

    ' Returns True only when the current user may open the given app-relative page
    Public Function ProgramsAccsess(ByVal vPage As String) As Boolean
        access = False

        Select Case vPage
            Case "~/Sample.aspx"
                If inSampleGroup() Then
                    access = True
                End If
            '---------------------------------------------------------------------
        End Select
        '*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
        'access = True
        '*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
        Return access
    End Function

End Class

Then you have to create a function in the code behind of all pages:


'create var
Dim ValidateUser As New AutorizationFun

Protected Sub VerifyAccessPage()
    If ValidateUser.ProgramsAccsess(Request.AppRelativeCurrentExecutionFilePath) = False Then
        Response.Redirect("~/DeniedAccess.aspx")
    End If
End Sub

And to finish, you have to use the function in the Page_Load event:


Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    'check whether page is postback or not
    If Not Page.IsPostBack Then
        VerifyAccessPage()
    End If
End Sub
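
A variant of the per-page group check in the answer above, as an added example that is not the answerer's code: it tests the authenticated request principal (`Context.User`) instead of `WindowsIdentity.GetCurrent()`, which returns the identity the worker process runs as unless impersonation is enabled. It also denies any page that is not listed and runs on postbacks too. It assumes Windows authentication, so that `IsInRole` resolves AD groups; `GroupAuthorizedPage`, `IsAllowed` and `~/Sample2.aspx` are hypothetical names.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web.UI

' Added example (hypothetical class name): protected pages inherit from this instead of Page.
Public Class GroupAuthorizedPage
    Inherits Page

    ' Page -> AD group allowed to open it. Group names are the samples from the answer;
    ' "~/Sample2.aspx" is a constructed entry for illustration.
    Private Shared ReadOnly RequiredGroup As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"~/Sample.aspx", "bth0\GG BTUC-SAMPLEGROUP"},
        {"~/Sample2.aspx", "bth0\GG BTUC-SAMPLEGROUP2"}
    }

    ' Decision function: deny unless the user is authenticated, the page is listed,
    ' and the user is a member of the group required for that page.
    Public Shared Function IsAllowed(ByVal user As IPrincipal, ByVal appRelativePath As String) As Boolean
        If user Is Nothing OrElse user.Identity Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return False
        If String.IsNullOrEmpty(appRelativePath) Then Return False

        Dim group As String = Nothing
        If Not RequiredGroup.TryGetValue(appRelativePath, group) Then Return False ' unlisted page: deny by default
        Return user.IsInRole(group)
    End Function

    ' OnInit runs for every request to the page, postbacks included,
    ' so a posted form cannot skip the check.
    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        If Not IsAllowed(Context.User, Request.AppRelativeCurrentExecutionFilePath) Then
            ' DeniedAccess.aspx must not inherit from this class, or the redirect loops.
            Response.Redirect("~/DeniedAccess.aspx", True) ' True ends the response here
        End If
        MyBase.OnInit(e)
    End Sub
End Class
```

With forms authentication against AD, as in the question, `Context.User.IsInRole` only sees AD groups if a role provider or the login code populates the principal's roles.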

Answered by Carlos Grappa

If your server is in a Windows Domain it should be connected to Active Directory, so by using Windows authentication you already log in with AD credentials (since the user has to be in the domain before, or they will be asked for AD credentials by the browser).


To get the user groups you could use the DirectorySearcher class, obviously when you
