
ldap实现用户认证

LDAP的用户认证类。

 

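/// <summary>
/// Small wrapper around <see cref="DirectoryEntry"/> that opens a connection to an
/// LDAP directory with a service account and checks a user's password by binding
/// as that user.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// <list type="bullet">
/// <item>Every bind here uses <see cref="AuthenticationTypes.None"/>, i.e. an LDAP simple
/// bind. The bind DN and password are not protected by the bind itself, so the
/// connection should run over LDAPS/TLS (the example path in the parameter docs uses
/// port 389, which is normally plain LDAP).</item>
/// <item>The search filter is received already formatted. Any user-supplied value placed
/// in it must be escaped by the caller (RFC 4515: \ * ( ) NUL), otherwise the filter
/// is open to LDAP injection.</item>
/// </list>
/// </remarks>
public class LDAPHelper
{
    // Connection bound with the service ("admin") account; used as the search root.
    private DirectoryEntry _objDirectoryEntry;

    /// <summary>
    /// Opens the directory connection with the given service account.
    /// </summary>
    /// <param name="LADPath">LDAP address, e.g. "LDAP://***.***.48.110:389/dc=***,dc=com"</param>
    /// <param name="authUserName">Bind user name, e.g. "cn=root,dc=***,dc=com"</param>
    /// <param name="authPWD">Bind password</param>
    /// <returns>true when the entry's property collection could be read and is not empty.</returns>
    public bool OpenConnection(string LADPath, string authUserName, string authPWD)
    {
        // Release a connection left over from an earlier call instead of leaking it.
        closeConnection();

        // NOTE(security): AuthenticationTypes.None is a simple bind; see the class remarks.
        _objDirectoryEntry = new DirectoryEntry(LADPath, authUserName, authPWD, AuthenticationTypes.None);

        // "new" never yields null, so the only meaningful check is whether the entry
        // can be read. DirectoryEntry binds lazily: reading the property count is what
        // contacts the server, and a rejected bind is expected to surface here as an
        // exception rather than as a false return value.
        return _objDirectoryEntry.Properties != null && _objDirectoryEntry.Properties.Count > 0;
    }

    /// <summary>
    /// Checks whether a user exists and the supplied password is correct.
    /// </summary>
    /// <param name="strLDAPFilter">Ready-to-use search filter, e.g. "(|(uid={0})(cn={0}))" with
    /// the (escaped) user name already substituted.</param>
    /// <param name="TestUserID">User id being tested. Not used by this method; the lookup is
    /// driven entirely by <paramref name="strLDAPFilter"/>.</param>
    /// <param name="TestUserPwd">Password being tested. An empty or null password is always rejected.</param>
    /// <param name="ErrorMessage">Set to a description of the failure when an exception occurs;
    /// left untouched otherwise.</param>
    /// <returns>true only when the user was found and a bind with the password succeeded.</returns>
    public bool CheckUidAndPwd(string strLDAPFilter, string TestUserID, string TestUserPwd, ref string ErrorMessage)
    {
        // Fail closed on an empty password. The previous code reported success as soon
        // as the account existed, and a simple bind with an empty password is an
        // unauthenticated bind that a directory server may accept, so neither path
        // proves knowledge of the password.
        if (string.IsNullOrEmpty(TestUserPwd))
        {
            return false;
        }

        bool blRet = false;
        try
        {
            using (DirectorySearcher deSearch = new DirectorySearcher(_objDirectoryEntry))
            {
                // Locate the account with the caller-supplied filter.
                deSearch.Filter = strLDAPFilter;
                deSearch.SearchScope = SearchScope.Subtree;

                // Only the first match is used.
                SearchResult objSearResult = deSearch.FindOne();
                if (null != objSearResult && !string.IsNullOrEmpty(objSearResult.Path))
                {
                    // Everything after the last '/' of the result path is used as the bind name.
                    // NOTE(review): assumes the DN itself contains no '/' - confirm for this directory.
                    int pos = objSearResult.Path.LastIndexOf('/');
                    string userDn = objSearResult.Path.Remove(0, pos + 1);

                    // Bind as the user; reading the properties forces the bind to happen.
                    using (DirectoryEntry objUserEntry = new DirectoryEntry(objSearResult.Path, userDn, TestUserPwd, AuthenticationTypes.None))
                    {
                        blRet = objUserEntry.Properties.Count > 0;
                    }
                }
            }
        }
        catch (Exception ex)
        {
            closeConnection();
            // Report the exception message instead of the stack trace: the text is shown
            // to whoever called the check, and internal call stacks do not belong there.
            ErrorMessage = "检测异常:" + ex.Message;
        }
        return blRet;
    }

    /// <summary>
    /// Closes the service-account connection, if one is open.
    /// </summary>
    public void closeConnection()
    {
        if (null != _objDirectoryEntry)
        {
            _objDirectoryEntry.Close();
        }
    }
}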

调用过程如下(在 WinForms 按钮事件中调用 LDAPHelper):

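 /// <summary>
 /// Button handler: reads the connection settings and the credentials to test from the
 /// form, runs the check through LDAPHelper and shows the outcome in the log box and a
 /// message box.
 /// </summary>
 private void btnCheck_Click(object sender, EventArgs e)
        {
            string TestUserID = txtUserName.Text;
            string TestUserPwd = txtPwd.Text;

            // Escape the characters that are special in an LDAP search filter (RFC 4515)
            // before the user name is substituted into the template; the backslash must
            // be handled first. Without this, a name containing * ( ) or \ rewrites the filter.
            string safeUserName = TestUserID.Trim()
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            // Example of a filter template for Active Directory:
            //   (&(objectClass=user)(sAMAccountName={0}))
            string strLDAPFilter = string.Format(txtFilter.Text, safeUserName);

            string strLDAPPath = txtLDAP.Text;
            string strLDAPAdminName = txtLUserName.Text;
            string strLDAPAdminPwd = txtLPwd.Text;
            string strMsg = "";

            LDAPHelper objldap = new LDAPHelper();
            try
            {
                bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd);
                if (blRet)
                {
                    blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);

                    // The tested password is deliberately left out of the message: the text
                    // goes to the on-screen log and a message box, and a plaintext password
                    // should never end up in either.
                    if (blRet)
                    {
                        strMsg = "检测用户名" + TestUserID + "和密码成功";
                    }
                    else if (string.IsNullOrEmpty(strMsg))
                    {
                        strMsg = "检测用户名" + TestUserID + "和密码失败";
                    }
                }
            }
            finally
            {
                // Always release the directory connection, including when a call above throws.
                objldap.closeConnection();
            }

            this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
            MessageBox.Show(strMsg);
        }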
    }

调用过程1(在 Web 页面中直接使用 DirectoryEntry 进行认证):

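// Authenticates a web request against the directory: looks the account up by
// sAMAccountName, then binds as that user with the submitted password.
bool checkResult = false;
try
{
    // NOTE(security): Request.Params merges query string, form fields, cookies and
    // server variables, so the password can arrive in the URL and end up in logs or
    // browser history. Reading the credentials from Request.Form on a POST over HTTPS
    // is the safer choice; left unchanged here so existing callers keep working.
    string username = Request.Params.Get("username");
    string userpwd = Request.Params.Get("userpwd");
    string strLADPath = "LDAP://OU=事业部,DC=HOLD,DC=Company,DC=COM";

    // Fail closed on missing credentials. A bind with an empty password can be
    // treated by the server as an unauthenticated bind and must not count as a login.
    if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(userpwd))
    {
        // Escape LDAP filter metacharacters (RFC 4515), backslash first, so the
        // request parameter cannot change the structure of the search filter.
        string safeUserName = username
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        using (DirectoryEntry objEntry = new DirectoryEntry(strLADPath))
        {
            // NOTE(security): AuthenticationTypes.None is a simple bind with no
            // protection of its own; confirm the connection runs over LDAPS/TLS.
            objEntry.AuthenticationType = AuthenticationTypes.None;

            using (DirectorySearcher deSearch = new DirectorySearcher(objEntry))
            {
                // Look the account up by name; only the first match is used.
                deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + safeUserName + "))";
                deSearch.SearchScope = SearchScope.Subtree;
                SearchResult results = deSearch.FindOne();

                if (null != results)
                {
                    // Bind as the user; reading the properties forces the bind, and a
                    // rejected password is expected to surface as an exception below.
                    using (DirectoryEntry objUserEntry = new DirectoryEntry(results.Path, username, userpwd))
                    {
                        checkResult = null != objUserEntry.Properties
                            && objUserEntry.Properties.Contains("cn");
                    }
                }
            }
        }
    }

    Response.Write("认证结果:" + checkResult.ToString());
}
catch (System.Exception ex)
{
    // Keep the details on the server and send only a generic notice to the client;
    // a stack trace in the response discloses internals to anyone who can submit
    // a login. Swap the trace call for the application's own logger if it has one.
    System.Diagnostics.Trace.TraceError("LDAP authentication error: " + ex);
    Response.Write("认证异常");
    Response.Write("认证结果:" + checkResult.ToString());
}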

 

posted on 2016-03-07 09:51  lovingbird