在vb.net中模拟活动目录用户

时间:2022-01-05 02:57:23

I've never programmed the active directory but I would like to do the following:

我从未编写过活动目录,但我想执行以下操作:

  1. On the asp.net site, login using a valid active directory username and password.If the login is valid, redirect to a page to do some actions.

    在asp.net站点上,使用有效的活动目录用户名和密码登录。如果登录有效,则重定向到页面以执行某些操作。

  2. In a related task, but not part of part 1, unlock an account or change the password of an active directory account.

    在相关任务中,但不是第1部分的一部分,解锁帐户或更改活动目录帐户的密码。

Thanks!

2 个解决方案

#1


1.) You should setup your web.config to use Forms authentication. The Membership provider should be set to ActiveDirectoryMembershipProvider. You can use the built-in login control.

1.)您应该设置web.config以使用Forms身份验证。成员资格提供程序应设置为ActiveDirectoryMembershipProvider。您可以使用内置登录控件。

2.) You'd need a Active Directory user who has the specific rights you ask for: unlock accounts, changing passwords. When you perform one of those functions for a AD-user, you need to impersonate the account which ASP executes as to the Active Directory user which has the privileges (to change passwords or unlock accounts).

2.)您需要具有您要求的特定权限的Active Directory用户:解锁帐户,更改密码。当您为AD用户执行这些功能之一时,您需要模拟ASP对具有权限的Active Directory用户执行的帐户(更改密码或解锁帐户)。

#2


You may be able to use 'advapi32.dll' to impersonate a different user on the server side.

您可以使用'advapi32.dll'来模拟服务器端的其他用户。

Grab the sample code off the bottom of the page.

从页面底部抓取示例代码。

I didn’t want to just copy his code here.

我不想在这里复制他的代码。

http://csharptuning.blogspot.com/2007/06/impersonation-in-c.html

One cavet with Impersonation though is that the computer doing the impersonation needs to be on the same domain as the user that your impersonating

然而,模拟的一个问题是,进行模拟的计算机需要与您模拟的用户位于同一个域中

#1


1.) You should setup your web.config to use Forms authentication. The Membership provider should be set to ActiveDirectoryMembershipProvider. You can use the built-in login control.

1.)您应该设置web.config以使用Forms身份验证。成员资格提供程序应设置为ActiveDirectoryMembershipProvider。您可以使用内置登录控件。

2.) You'd need a Active Directory user who has the specific rights you ask for: unlock accounts, changing passwords. When you perform one of those functions for a AD-user, you need to impersonate the account which ASP executes as to the Active Directory user which has the privileges (to change passwords or unlock accounts).

2.)您需要具有您要求的特定权限的Active Directory用户:解锁帐户,更改密码。当您为AD用户执行这些功能之一时,您需要模拟ASP对具有权限的Active Directory用户执行的帐户(更改密码或解锁帐户)。

#2


You may be able to use 'advapi32.dll' to impersonate a different user on the server side.

您可以使用'advapi32.dll'来模拟服务器端的其他用户。

Grab the sample code off the bottom of the page.

从页面底部抓取示例代码。

I didn’t want to just copy his code here.

我不想在这里复制他的代码。

http://csharptuning.blogspot.com/2007/06/impersonation-in-c.html

One cavet with Impersonation though is that the computer doing the impersonation needs to be on the same domain as the user that your impersonating

然而,模拟的一个问题是,进行模拟的计算机需要与您模拟的用户位于同一个域中