MVC 5绕过Windows身份验证用户身份验证的用户

时间:2022-12-03 21:55:44

I already have a website written using MVC 5 and it uses form authentication using SQL Server.

我已经有一个使用MVC 5编写的网站,它使用SQL Server进行表单身份验证。

Now is it possible that I can bypass Forms Authentication for users that are already on office network. Also I want to keep track of user and apply rules similar to Forms Authentication. Thanks.

现在我可以绕过已经在办公室网络上的用户的表单身份验证。此外,我想跟踪用户并应用类似于表单身份验证的规则。谢谢。

1 个解决方案

#1


1  

Yes you can do that. Here's the code to check user in domain. First get the domain name and try to verify user with domain. If this fails then proceed to forms authentication.

是的,你可以这么做。这是检查域中用户的代码。首先获取域名并尝试使用域验证用户。如果失败,则继续进行表单身份验证。

 public static string DomainControllerName { get; private set; }
 public static string ComputerName { get; private set; }
 public static string DomainName { get; private set; }
 public static string DomainPath
 {
            get
            {
                bool bFirst = true;
                StringBuilder sbReturn = new StringBuilder(200);
                string[] strlstDc = DomainName.Split('.');
                foreach (string strDc in strlstDc)
                {
                    if (bFirst)
                    {
                        sbReturn.Append("DC=");
                        bFirst = false;
                    }
                    else
                        sbReturn.Append(",DC=");

                    sbReturn.Append(strDc);
                }
                return sbReturn.ToString();
            }
 }
        public static string RootPath
        {
            get
            {
                return string.Format("LDAP://{0}/{1}", DomainName, DomainPath);
            }
        }
Domain domain = null;
DomainController domainController = null;
try
{
    domain = Domain.GetCurrentDomain();
        DomainName = domain.Name;
        domainController = domain.PdcRoleOwner;
        DomainControllerName = domainController.Name.Split('.')[0];
        ComputerName = Environment.MachineName;
}
finally
{
if (domain != null)
       domain.Dispose();
if (domainController != null)
       domainController.Dispose();
}


try
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
                DirectoryEntry root = new DirectoryEntry(RootPath, txtUserName.Text.Trim(), txtPassword.Text);
                DirectorySearcher search = new DirectorySearcher(root);

            search.SearchScope = SearchScope.Subtree;
            search.Filter = "(sAMAccountName=" + txtUserName.Text.Trim() + ")";
            SearchResultCollection results = search.FindAll();

            UserPrincipal userP = UserPrincipal.FindByIdentity(ctx, txtUserName.Text.Trim());

            if (userP != null && results != null)
            {
                //Get the user's groups
                var groups = userP.GetAuthorizationGroups();
                if (groups.Count(x => x.Name == ConfigurationManager.AppSettings["UserGroup"].ToString()) > 0)
                {
                    //Successful login code here
                }
                else
                {
                    //"Access Denied !";
                }
            }
            else
            {
                //"User Name or Password is incorrect. Try again !"
            }
        }
    }
    catch
    {
        //"User Name or Password is incorrect. Try again !"
    }

#1


1  

Yes you can do that. Here's the code to check user in domain. First get the domain name and try to verify user with domain. If this fails then proceed to forms authentication.

是的,你可以这么做。这是检查域中用户的代码。首先获取域名并尝试使用域验证用户。如果失败,则继续进行表单身份验证。

 public static string DomainControllerName { get; private set; }
 public static string ComputerName { get; private set; }
 public static string DomainName { get; private set; }
 public static string DomainPath
 {
            get
            {
                bool bFirst = true;
                StringBuilder sbReturn = new StringBuilder(200);
                string[] strlstDc = DomainName.Split('.');
                foreach (string strDc in strlstDc)
                {
                    if (bFirst)
                    {
                        sbReturn.Append("DC=");
                        bFirst = false;
                    }
                    else
                        sbReturn.Append(",DC=");

                    sbReturn.Append(strDc);
                }
                return sbReturn.ToString();
            }
 }
        public static string RootPath
        {
            get
            {
                return string.Format("LDAP://{0}/{1}", DomainName, DomainPath);
            }
        }
Domain domain = null;
DomainController domainController = null;
try
{
    domain = Domain.GetCurrentDomain();
        DomainName = domain.Name;
        domainController = domain.PdcRoleOwner;
        DomainControllerName = domainController.Name.Split('.')[0];
        ComputerName = Environment.MachineName;
}
finally
{
if (domain != null)
       domain.Dispose();
if (domainController != null)
       domainController.Dispose();
}


try
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
                DirectoryEntry root = new DirectoryEntry(RootPath, txtUserName.Text.Trim(), txtPassword.Text);
                DirectorySearcher search = new DirectorySearcher(root);

            search.SearchScope = SearchScope.Subtree;
            search.Filter = "(sAMAccountName=" + txtUserName.Text.Trim() + ")";
            SearchResultCollection results = search.FindAll();

            UserPrincipal userP = UserPrincipal.FindByIdentity(ctx, txtUserName.Text.Trim());

            if (userP != null && results != null)
            {
                //Get the user's groups
                var groups = userP.GetAuthorizationGroups();
                if (groups.Count(x => x.Name == ConfigurationManager.AppSettings["UserGroup"].ToString()) > 0)
                {
                    //Successful login code here
                }
                else
                {
                    //"Access Denied !";
                }
            }
            else
            {
                //"User Name or Password is incorrect. Try again !"
            }
        }
    }
    catch
    {
        //"User Name or Password is incorrect. Try again !"
    }