{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《authentificate asp.net mvc 5 application from adld》','https://www.manongdao.com/q-672270.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Hi i want to integrate LDAP(AD LDS installed on windows 8.1 machine) forms authentification to my mvc 5 application .
i don't know if i m missing something on the web.config or my c# code is wrong but i m connected successfully from ldp.exe and ADSI Edit as User=Admin who have Administrator Privileges as shown here
in my web config i added those line :
<connectionStrings>
<add name="ADWEB" connectionString="LDAP://M0I:389/CN=Users,CN=Elise,DC=App,DC=com" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="~/Login/Login" defaultUrl="~/home/index" timeout="10" path="/" requireSSL="false" slidingExpiration="true"
cookieless="UseCookies" domain=""
enableCrossAppRedirects="false" >
<credentials passwordFormat="SHA1" />
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MyDSProvider">
<providers>
<clear />
<add name="MyDSProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" applicationName="LDAP"
connectionStringName="ADWEB"
connectionUsername="CN=Admin,CN=Users,CN=Elise,DC=App,DC=com"
connectionPassword="Azerty*123"
connectionProtection="None" enableSearchMethods="True" />
</providers>
</membership>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
my login method note that i'm passing (txtDomainName=App.com, txtUserName=Admin , txtPassword=Azerty*123) :
[AllowAnonymous]
[HttpGet]
public ActionResult Login ()
{
return View();
}
[AllowAnonymous]
[HttpPost]
public ActionResult Login(string txtDomainName, string txtUserName, string txtPassword)
{
// Path to you LDAP directory server.
// Contact your network administrator to obtain a valid path.
string adPath = "LDAP://M0I:389/CN=Elise,DC=App,DC=com";
LDAP.LdapAuthentication adAuth = new LDAP.LdapAuthentication(adPath);
string error;
try
{
if (true == adAuth.IsAuthenticated(txtDomainName,
txtUserName,
txtPassword))
{
// Retrieve the user's groups
string groups = adAuth.GetGroups();
// Create the authetication ticket
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1, // version
txtUserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, groups);
// Now encrypt the ticket.
string encryptedTicket =
FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(
FormsAuthentication.GetRedirectUrl(txtUserName,
false));
}
else
{
error =
"Authentication failed, check username and password.";
}
}
catch (Exception ex)
{
error = "Error authenticating. " + ex.Message;
}
return RedirectToAction("Index","Home");
}
her is the LdapAuthentification class that i'm using on my login action
using System.Text;
using System.Collections;
using System.DirectoryServices;
using System;
namespace LDAP.LDAP
{
class LdapAuthentication
{
private string _path;
private string _filterAttribute;
public LdapAuthentication(string path)
{
_path = path;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path,
domainAndUsername,
pwd);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
public string GetGroups()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
String dn;
int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount;
propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1),
(commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " +
ex.Message);
}
return groupNames.ToString();
}
}
}
Note that the Exception that i have is invalid usersname or password on that line :
Object obj = entry.NativeObject;
$exception {"Le nom d’utilisateur ou le mot de passe est incorrect.\r\n"} System.Exception {System.DirectoryServices.DirectoryServicesCOMException}
finally i m connected to my AD LDS Instance without setting connection string in the web.config the following code show how i managed to authentificate user using AD LDS
and i changed my login action to this :
the login method :
my only problem now is that i can't check if the current users is member of a certain groups on the view using User.IsInRole .