1、首先新建一个页面(Login.aspx):前台代码(Login.aspx):
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>无标题页</title>
</head>
<body>
<form id="Login" method="post" runat="server">
<asp:Label ID="Label1" runat="server" >Domain:</asp:Label>
<asp:TextBox ID="txtDomain" runat="server" ></asp:TextBox><br>
<asp:Label ID="Label2" runat="server" >Username:</asp:Label>
<asp:TextBox ID="txtUsername" runat="server" ></asp:TextBox><br>
<asp:Label ID="Label3" runat="server" >Password:</asp:Label>
<asp:TextBox ID="txtPassword" runat="server" TextMode=Password></asp:TextBox><br>
<asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="Login_Click"></asp:Button><br>
<asp:Label ID="errorLabel" runat="server" ForeColor=#ff3300></asp:Label><br>
<asp:CheckBox ID="chkPersist" runat="server" Text="Persist Cookie" />
</form></body>
</html>后台代码(Login.aspx.cs):
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{}
protected void Login_Click(object sender, EventArgs e)
{
string adPath = "LDAP://" + txtDomain.Text;LdapAuthentication adAuth = new LdapAuthentication(adPath);
try
{
if (true == adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text))
{
string groups = adAuth.GetGroupByUser();//Create the ticket, and add the groups.
bool isCookiePersistent = chkPersist.Checked;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups);//Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);if (true == isCookiePersistent)
authCookie.Expires = authTicket.Expiration;//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);//You can redirect now.
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
}
else
{
errorLabel.Text = "Authentication did not succeed. Check user name and password.";
}
}
catch (Exception ex)
{
errorLabel.Text = "Error authenticating. " + ex.Message;
}
}
}
2、在Global.asax里写:void Application_AuthenticateRequest(object sender, EventArgs e)
{
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];if (null == authCookie)
{
//There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch (Exception ex)
{
//Write the exception to the Event Log.
return;
}
if (null == authTicket)
{
//Cookie failed to decrypt.
return;
}
//When the ticket was created, the UserData property was assigned a
//pipe-delimited string of group names.
string[] groups = authTicket.UserData.Split(new char[] { '|' });
//Create an Identity.
System.Security.Principal.GenericIdentity id = new System.Security.Principal.GenericIdentity(authTicket.Name, "LdapAuthentication");
//This principal flows throughout the request.
System.Security.Principal.GenericPrincipal principal = new System.Security.Principal.GenericPrincipal(id, groups);
Context.User = principal;
}3、在Web.Config里加上:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>4、再新建一个页面(WebForm1.aspx):
前台代码(WebForm1.aspx):
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="WebForm1.aspx.cs" Inherits="WebForm1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>无标题页</title>
</head>
<body>
<form id="Form1" method="post" runat="server">
<asp:Label ID="lblName" runat="server" /><br/>
<asp:Label ID="lblAuthType" runat="server" />
</form>
</body>
</html>后台代码(WebForm1.aspx.cs):
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class WebForm1 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
lblName.Text = "Hello " + Context.User.Identity.Name + ".";
lblAuthType.Text = "You were authenticated using " + Context.User.Identity.AuthenticationType + ".";
}
}5、再新建一个类(对域的操作主要都要这个类里):
LdapAuthentication.cs:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.DirectoryServices;
using System.Text;/// <summary>
/// LdapAuthentication 的摘要说明
/// </summary>
public class LdapAuthentication
{
public LdapAuthentication()
{
}
private string _path;
private string _filterAttribute;public LdapAuthentication(string path)
{
_path = path;
}/// <summary>
/// 判断是否域用户
/// </summary>
/// <param name="domain">域名</param>
/// <param name="username">用户名</param>
/// <param name="pwd">密码</param>
/// <returns></returns>
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}/// <summary>
/// 根据用户名获取所属组名
/// </summary>
/// <returns></returns>
public string GetGroupByUser()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
string dn;
int equalsIndex, commaIndex;for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
dn = (string)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " + ex.Message);
}
return groupNames.ToString();
}/// <summary>
/// 获取组用户
/// </summary>
/// <param name="Groupname">组名</param>
/// <returns></returns>
public string[] GetUsersForGroup(string Groupname)
{
DirectorySearcher ds = new DirectorySearcher(_path);
ds.Filter = "(&(objectClass=group)(cn=" + Groupname + "))";
ds.PropertiesToLoad.Add("member");
SearchResult r = ds.FindOne();if (r.Properties["member"] == null)
{
return (null);
}string[] results = new string[r.Properties["member"].Count];
for (int i = 0; i < r.Properties["member"].Count; i++)
{
string theGroupPath = r.Properties["member"][i].ToString();
results[i] = theGroupPath.Substring(3, theGroupPath.IndexOf(",") - 3);
}
return (results);
}/// <summary>
/// 获取用户所属组
/// </summary>
/// <param name="username">用户名</param>
/// <returns></returns>
public string[] GetGroupsForUser(string username)
{
DirectorySearcher ds = new DirectorySearcher(_path);
ds.Filter = "(&(sAMAccountName=" + username + "))";
ds.PropertiesToLoad.Add("memberof");
SearchResult r = ds.FindOne();if (r.Properties["memberof"].Count == 0)
{
return (null);
}string[] results = new string[r.Properties["memberof"].Count];
for (int i = 0; i < r.Properties["memberof"].Count; i++)
{
string theGroupPath = r.Properties["memberof"][i].ToString();
results[i] = theGroupPath.Substring(3, theGroupPath.IndexOf(",") - 3);
}
return (results);
}public string[] GetAllGroupsForUser(string username)
{
DirectorySearcher ds = new DirectorySearcher(_path);
ds.Filter = "(&(sAMAccountName=" + username + "))";
ds.PropertiesToLoad.Add("memberof");
SearchResult r = ds.FindOne();
if (r.Properties["memberof"] == null)
{
return (null);
}
string[] results = new string[r.Properties["memberof"].Count + 1];
for (int i = 0; i < r.Properties["memberof"].Count; i++)
{
string theGroupPath = r.Properties["memberof"][i].ToString();
results[i] = theGroupPath.Substring(3, theGroupPath.IndexOf(",") - 3);
}
results[r.Properties["memberof"].Count] = "All";//All组属于任何人,在AD之外定义了一个组,以便分配用户权限
return (results);
}/// <summary>
/// 获取组用户
/// </summary>
/// <param name="username">用户名</param>
/// <returns></returns>public string GetUserDisplayName(string username)
{
string results;
DirectorySearcher ds = new DirectorySearcher(_path);
ds.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
ds.PropertiesToLoad.Add("DisplayName");
SearchResult r = ds.FindOne();
results = r.GetDirectoryEntry().InvokeGet("DisplayName").ToString();
return (results);}
public string GetAdGroupDescription(string prefix)//根据CN获取组description
{
string results;
DirectorySearcher groupsDS = new DirectorySearcher(_path);
groupsDS.Filter = "(&(objectClass=group)(CN=" + prefix + "*))";
groupsDS.PropertiesToLoad.Add("cn");
SearchResult sr = groupsDS.FindOne();
results = sr.GetDirectoryEntry().InvokeGet("description").ToString();
return (results);
}public DataTable GetAdGroupInfo()//根据CN获取组信息
{
DataTable dt = new DataTable();
dt.Columns.Add("URL", typeof(System.String));
dt.Columns.Add("cn", typeof(System.String));
dt.Columns.Add("Description", typeof(System.String));DirectorySearcher searcher = new DirectorySearcher(_path);
searcher.Filter = "(&(objectClass=group))";
//searcher.SearchScope = SearchScope.Subtree;
//searcher.Sort = new SortOption("description", System.DirectoryServices.SortDirection.Ascending);
searcher.PropertiesToLoad.AddRange(new string[] { "cn", "description" });
SearchResultCollection results = searcher.FindAll();
if (results.Count == 0)
{
return (null);
}
else
{
foreach (SearchResult result in results)
{
DataRow dr = dt.NewRow();
dr[0] = result.Path.ToString();
dr[1] = result.GetDirectoryEntry().InvokeGet("cn").ToString();
if (result.GetDirectoryEntry().InvokeGet("Description") != null)
dr[2] = result.GetDirectoryEntry().InvokeGet("Description").ToString();
else
dr[2] = result.GetDirectoryEntry().InvokeGet("cn").ToString();
dt.Rows.Add(dr);
}
dt.DefaultView.Sort = "description ASC";
return dt;
}}
public string getAccountName(string cn) //根据CN获取登陆名
{
foreach (string path in _path.Split(','))
{
DirectorySearcher ds = new DirectorySearcher(path);
ds.Filter = "(&(objectClass=user)(cn=*" + cn + "*))";
ds.PropertiesToLoad.Add("sAMAccountName");
SearchResult r = ds.FindOne();
if (r != null)
return r.GetDirectoryEntry().InvokeGet("sAMAccountName").ToString();
}
return null;
}public DataTable adUserlist(string groupname) //生成用户数据表
{
DataTable dt = new DataTable();
dt.Columns.Add("cn", typeof(System.String));
dt.Columns.Add("sAMAccountName", typeof(System.String));
string[] groupmember = GetUsersForGroup(groupname);
if (groupmember.Length == 0)
{
return null;
}
else
{
foreach (string member in groupmember)
{
if (IsAccountActive(getAccountControl(getAccountName(member))))
{
DataRow dr = dt.NewRow();
dr[0] = member.ToString();
dr[1] = getAccountName(member);
dt.Rows.Add(dr);
}
}
return dt;}
}public DataTable adUserlist() //生成指定的用户信息数据表
{
DataTable dt = new DataTable();
dt.Columns.Add("memberof", typeof(System.String));
dt.Columns.Add("cn", typeof(System.String));
dt.Columns.Add("Description", typeof(System.String));
dt.Columns.Add("name", typeof(System.String));
dt.Columns.Add("Mail", typeof(System.String));
dt.Columns.Add("samaccountname", typeof(System.String));
dt.Columns.Add("whencreated", typeof(System.String));
dt.Columns.Add("title", typeof(System.String));
dt.Columns.Add("department", typeof(System.String));
DirectorySearcher searcher = new DirectorySearcher(_path);
//searcher.Filter = "(description=ADPJ*)";
searcher.Filter = "(description=ADPL*)";
searcher.PropertiesToLoad.AddRange(new string[] { "memberof", "cn", "description", "name", "Mail", "samaccountname", "whencreated", "title", "department"});
SearchResultCollection results = searcher.FindAll();if (results.Count == 0)
{
return (null);
}
else
{
foreach (SearchResult result in results)
{DataRow dr = dt.NewRow();
//dr[0] = result.Path.ToString();
if (result.GetDirectoryEntry().InvokeGet("memberof") != null)
dr[0] = result.GetDirectoryEntry().InvokeGet("memberof").ToString();
else
dr[0] = "";
if (result.GetDirectoryEntry().InvokeGet("cn") != null)
dr[1] = result.GetDirectoryEntry().InvokeGet("cn").ToString();
else
dr[1] = "";if (result.GetDirectoryEntry().InvokeGet("Description") != null)
dr[2] = result.GetDirectoryEntry().InvokeGet("Description").ToString();
else
dr[2] = result.GetDirectoryEntry().InvokeGet("cn").ToString();
if (result.GetDirectoryEntry().InvokeGet("name") != null)
dr[3] = result.GetDirectoryEntry().InvokeGet("name").ToString();
else
dr[3] = "";
if (result.GetDirectoryEntry().InvokeGet("Mail") != null)
dr[4] = result.GetDirectoryEntry().InvokeGet("Mail").ToString();
else
dr[4] = "";
if (result.GetDirectoryEntry().InvokeGet("samaccountname") != null)
dr[5] = result.GetDirectoryEntry().Properties["samaccountname"].Value.ToString();
else
dr[5] = "";
if (result.GetDirectoryEntry().InvokeGet("whencreated") != null)
dr[6] = result.GetDirectoryEntry().Properties["whencreated"].Value.ToString();
else
dr[6] = "";if (result.GetDirectoryEntry().InvokeGet("title") != null)
dr[7] = result.GetDirectoryEntry().Properties["title"].Value.ToString();
else
dr[7] = "";
if (result.GetDirectoryEntry().InvokeGet("department") != null)
dr[8] = result.GetDirectoryEntry().Properties["department"].Value.ToString();