(求助).NET 集成域用户登录如何实现
求助:
现在用.NET做一个bs系统,客户要求和他们其他系统一样,都集成域用户登录,即:在系统中不用输入用户名,密码,通过windows域用户验证的客户即可登录系统。所以我在自己开发的系统中,对域用户和用户做了一个关联。现在需要实现的就是客户端通过IE浏览系统的时候,服务器端如何获取到客户端机器所在的域用户信息?在网上搜索了很多,效果不佳,望实现过的朋友给予帮助,谢谢!qq:254185950
[解决办法]
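using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Runtime.InteropServices; // required: DllImport
using System.Security.Principal;      // required: WindowsIdentity, WindowsImpersonationContext

// UserLoginForDomain
// Original author's notes: intended for ASP.NET 2.0, debugged on Windows XP,
// calls the Win32 API exported by advapi32.dll.
namespace UserLoginForDomain
{
    /// <summary>
    /// Logs a Windows account on from an explicitly supplied user name, domain and
    /// password, and impersonates it on the calling thread.
    /// </summary>
    /// <remarks>
    /// This is not single sign-on: the application itself receives the user's
    /// plaintext password and passes it to LogonUser. Callers must call
    /// <see cref="undoImpersonation"/> when finished, otherwise the thread keeps
    /// running under the impersonated identity.
    /// </remarks>
    public class UserLoginForDomainDAO
    {
        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, the level passed to DuplicateToken.
        private const int SecurityImpersonation = 2;

        // Set by impersonateValidUser, consumed by undoImpersonation.
        WindowsImpersonationContext impersonationContext;

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern int LogonUser(String lpszUserName,
            String lpszDomain,
            String lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)]
        public extern static int DuplicateToken(IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        // Releases the token handles returned by LogonUser and DuplicateToken.
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle(IntPtr hObject);

        /// <summary>
        /// Attempts to log on with the given credentials and, on success, starts
        /// impersonating that account.
        /// </summary>
        /// <example>
        /// if (impersonateValidUser(UserName, Domain, Password)) { }
        /// </example>
        /// <param name="userName">Account name, e.g. the text of a user-name input.</param>
        /// <param name="domain">Domain to log on to.</param>
        /// <param name="password">Account password.</param>
        /// <returns>true if logon and impersonation succeeded; otherwise false.</returns>
        public bool impersonateValidUser(String userName, String domain, String password)
        {
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            try
            {
                if (LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                        LOGON32_PROVIDER_DEFAULT, ref token) == 0)
                {
                    return false;
                }

                if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
                {
                    return false;
                }

                WindowsIdentity identity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = identity.Impersonate();
                return impersonationContext != null;
            }
            finally
            {
                // Every logon used to leak both token handles. The raw handles are
                // not needed once the WindowsIdentity exists, so release them on
                // every path, success or failure.
                if (token != IntPtr.Zero)
                {
                    CloseHandle(token);
                }

                if (tokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(tokenDuplicate);
                }
            }
        }

        /// <summary>
        /// Reverts the thread to the identity it had before
        /// <see cref="impersonateValidUser"/> succeeded. Does nothing if no
        /// impersonation is active.
        /// </summary>
        public void undoImpersonation()
        {
            // Guard against a call after a failed (or never attempted) logon,
            // which previously raised a NullReferenceException.
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext = null;
            }
        }
    }
}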
[解决办法]
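1、通过 User.Identity.Name 获得当前登录用户名。
2、在 web.config 中启用 Windows 验证(<authentication mode="Windows" />);同时需要在 IIS 中关闭匿名访问,否则服务器不会要求浏览器提供身份,User.Identity.Name 为空。
3、到域中查询是否存在此用户名(using System.DirectoryServices)。
4、在 IE 的安全设置"用户验证"中选择自动使用当前用户名和密码登录(这个恐怕是LZ最想知道的);该选项只应对内网/受信任站点区域启用。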
[解决办法]
using System.DirectoryServices;
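/// <summary>
/// Checks a user id and password against the APAC domain: binds to
/// LDAP://APAC with the supplied credentials and searches for an account whose
/// sAMAccountName equals <paramref name="usrId"/>.
/// </summary>
/// <param name="usrId">Account name without the domain prefix ("APAC\" is prepended).</param>
/// <param name="pwd">Password for that account.</param>
/// <returns>
/// true if the search returns the account; false if it is not found, if either
/// argument is null or empty, or if the bind/search throws.
/// </returns>
public static bool IsAPACUser(string usrId, string pwd)
{
    // Reject blank credentials before touching the directory.
    // NOTE(review): some LDAP configurations treat an empty password as an
    // unauthenticated bind that succeeds; confirm against the target domain.
    if (string.IsNullOrEmpty(usrId) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    try
    {
        using (DirectoryEntry de = new DirectoryEntry())
        {
            de.Path = "LDAP://APAC";
            de.Username = "APAC\\" + usrId;
            de.Password = pwd;

            using (DirectorySearcher search = new DirectorySearcher(de))
            {
                // usrId is caller-supplied: escape it so characters such as
                // '*', '(' and ')' cannot change the meaning of the filter.
                search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(usrId) + ")";
                search.PropertiesToLoad.Add("CN");
                return search.FindOne() != null;
            }
        }
    }
    catch (Exception)
    {
        // Any failure (bad credentials, unreachable domain, ...) is reported as
        // "not a valid user". The reason is discarded here; log it at the call
        // site if failed logons need to be monitored.
        return false;
    }
}

// Escapes the characters that are special inside an LDAP search filter value (RFC 4515).
private static string EscapeLdapFilterValue(string value)
{
    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append("\\5c"); break;
            case '*': escaped.Append("\\2a"); break;
            case '(': escaped.Append("\\28"); break;
            case ')': escaped.Append("\\29"); break;
            case '\0': escaped.Append("\\00"); break;
            default: escaped.Append(c); break;
        }
    }

    return escaped.ToString();
}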
[解决办法]
方式一:
输入域用户名和密码,用其连接到域并查询是否存在该用户(此方式仍需用户输入密码,并非集成登录)
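using System.DirectoryServices;

/// <summary>
/// Checks a user id and password against the APAC domain: binds to
/// LDAP://APAC with the supplied credentials and searches for an account whose
/// sAMAccountName equals <paramref name="usrId"/>.
/// </summary>
/// <param name="usrId">Account name without the domain prefix ("APAC\" is prepended).</param>
/// <param name="pwd">Password for that account.</param>
/// <returns>
/// true if the search returns the account; false if it is not found, if either
/// argument is null or empty, or if the bind/search throws.
/// </returns>
public static bool IsAPACUser(string usrId, string pwd)
{
    // Reject blank credentials before touching the directory.
    // NOTE(review): some LDAP configurations treat an empty password as an
    // unauthenticated bind that succeeds; confirm against the target domain.
    if (string.IsNullOrEmpty(usrId) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    try
    {
        using (DirectoryEntry de = new DirectoryEntry())
        {
            de.Path = "LDAP://APAC";
            de.Username = "APAC\\" + usrId;
            de.Password = pwd;

            using (DirectorySearcher search = new DirectorySearcher(de))
            {
                // usrId is caller-supplied: escape it so characters such as
                // '*', '(' and ')' cannot change the meaning of the filter.
                search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(usrId) + ")";
                search.PropertiesToLoad.Add("CN");
                return search.FindOne() != null;
            }
        }
    }
    catch (Exception)
    {
        // Any failure (bad credentials, unreachable domain, ...) is reported as
        // "not a valid user". The reason is discarded here; log it at the call
        // site if failed logons need to be monitored.
        return false;
    }
}

// Escapes the characters that are special inside an LDAP search filter value (RFC 4515).
private static string EscapeLdapFilterValue(string value)
{
    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append("\\5c"); break;
            case '*': escaped.Append("\\2a"); break;
            case '(': escaped.Append("\\28"); break;
            case ')': escaped.Append("\\29"); break;
            case '\0': escaped.Append("\\00"); break;
            default: escaped.Append(c); break;
        }
    }

    return escaped.ToString();
}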