C#开发中Windows域认证登录2(扩展吉日嘎拉GPM系统)
C#开发中Windows域认证登录2(扩展吉日嘎拉GPM系统)
上午写了一篇《C#开发中Windows域认证登录》,然后跟吉日嘎拉沟通了一下,还是把这个Windows AD用户登录的功能扩展到DotNet.Business中,重新命名为LDAP方式的登录,因为需要引用System.DirectoryServices,暂时用不到此功能的朋友,可以exclude此文件(DotNet.Business\WebUtilities\Utilities.LogOnLDAP.cs)。
<br/>//-----------------------------------------------------------------<br/>// All Rights Reserved , Copyright (C) 2013 , Hairihan TECH, Ltd .<br/>//-----------------------------------------------------------------<br/><br/>using System;<br/>using System.Collections.Generic;<br/>using System.Configuration;<br/>using System.Data;<br/>using System.Text;<br/>using System.Web;<br/>using System.Web.Caching;<br/>using System.Web.Security;<br/>using System.DirectoryServices;<br/>using DotNet.Utilities;<br/><br/>namespace DotNet.Business<br/>{<br/> /// <summary><br/> /// LDAP登录功能相关部分<br/> /// </summary><br/> public partial class Utilities<br/> {<br/> // LDAP域用户登录部分:包括Windows AD域用户登录<br/> #region public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)<br/> /// <summary><br/> /// 验证LDAP用户<br/> /// </summary><br/> /// <param name="domain">域</param><br/> /// <param name="lDAP">LDAP</param><br/> /// <param name="userName">域用户名</param><br/> /// <param name="password">域密码</param><br/> /// <param name="permissionCode">权限编号</param><br/> /// <param name="persistCookie">是否保存密码</param><br/> /// <param name="formsAuthentication">表单验证,是否需要重定位</param><br/> /// <param name="statusCode"></param><br/> /// <param name="statusMessage"></param><br/> /// <returns></returns><br/> public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)<br/> {<br/> DirectoryEntry dirEntry = new DirectoryEntry();<br/> dirEntry.Path = lDAP;<br/> dirEntry.Username = domain + "\\" + userName;<br/> dirEntry.Password = password;<br/> dirEntry.AuthenticationType = AuthenticationTypes.Secure;<br/><br/> try<br/> {<br/> DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);<br/> dirSearcher.Filter = String.Format("(&(objectClass=user)(samAccountName={0}))", userName);<br/> System.DirectoryServices.SearchResult result = dirSearcher.FindOne();<br/> if (result != null)<br/> {<br/> // 统一的登录服务<br/> DotNetService dotNetService = new DotNetService();<br/> BaseUserInfo userInfo = dotNetService.LogOnService.LogOnByUserName(Utilities.GetUserInfo(), userName, out statusCode, out statusMessage);<br/> // 检查身份<br/> if (statusCode.Equals(Status.OK.ToString()))<br/> {<br/> userInfo.IPAddress = GetIPAddressId();<br/><br/> bool isAuthorized = true;<br/> // 用户是否有哪个相应的权限<br/> if (!string.IsNullOrEmpty(permissionCode))<br/> {<br/> isAuthorized = dotNetService.PermissionService.IsAuthorized(user
Info, permissionCode, null);<br/> }<br/> // 有相应的权限才可以登录<br/> if (isAuthorized)<br/> {<br/> if (persistCookie)<br/> {<br/> // 相对安全的方式保存登录状态<br/> // SaveCookie(userName, password);<br/> // 内部单点登录方式<br/> SaveCookie(userInfo);<br/> }<br/> else<br/> {<br/> RemoveUserCookie();<br/> }<br/> LogOn(userInfo, formsAuthentication);<br/> }<br/> else<br/> {<br/> statusCode = Status.LogOnDeny.ToString();<br/> statusMessage = "访问被拒绝、您的账户没有后台管理访问权限。";<br/> }<br/> }<br/><br/> return userInfo;<br/> }<br/> else<br/> {<br/> statusCode = Status.LogOnDeny.ToString();<br/> statusMessage = "应用系统用户不存在,请联系管理员。";<br/> return null;<br/> }<br/> }<br/> catch (Exception e)<br/> {<br/> //Logon failure: unknown user name or bad password.<br/> statusCode = Status.LogOnDeny.ToString();<br/> statusMessage = "域服务器返回信息" + e.Message.Replace("\r\n", "");<br/> return null;<br/> }<br/><br/> <br/> }<br/> #endregion<br/><br/> }<br/>}<br/>
前端的登录文件-SigninLDAP.aspx,代码较多可参考Signin.aspx。
腾讯云开发者
