I've never programmed the active directory but I would like to do the following:
我从未编写过活动目录,但我想执行以下操作:
-
On the asp.net site, login using a valid active directory username and password.If the login is valid, redirect to a page to do some actions.
在asp.net站点上,使用有效的活动目录用户名和密码登录。如果登录有效,则重定向到页面以执行某些操作。
-
In a related task, but not part of part 1, unlock an account or change the password of an active directory account.
在相关任务中,但不是第1部分的一部分,解锁帐户或更改活动目录帐户的密码。
Thanks!
2 个解决方案
#1
1.) You should setup your web.config to use Forms authentication. The Membership provider should be set to ActiveDirectoryMembershipProvider. You can use the built-in login control.
1.)您应该设置web.config以使用Forms身份验证。成员资格提供程序应设置为ActiveDirectoryMembershipProvider。您可以使用内置登录控件。
2.) You'd need a Active Directory user who has the specific rights you ask for: unlock accounts, changing passwords. When you perform one of those functions for a AD-user, you need to impersonate the account which ASP executes as to the Active Directory user which has the privileges (to change passwords or unlock accounts).
2.)您需要具有您要求的特定权限的Active Directory用户:解锁帐户,更改密码。当您为AD用户执行这些功能之一时,您需要模拟ASP对具有权限的Active Directory用户执行的帐户(更改密码或解锁帐户)。
#2
You may be able to use 'advapi32.dll' to impersonate a different user on the server side.
您可以使用'advapi32.dll'来模拟服务器端的其他用户。
Grab the sample code off the bottom of the page.
从页面底部抓取示例代码。
I didn’t want to just copy his code here.
我不想在这里复制他的代码。
http://csharptuning.blogspot.com/2007/06/impersonation-in-c.html
One cavet with Impersonation though is that the computer doing the impersonation needs to be on the same domain as the user that your impersonating
然而,模拟的一个问题是,进行模拟的计算机需要与您模拟的用户位于同一个域中
#1
1.) You should setup your web.config to use Forms authentication. The Membership provider should be set to ActiveDirectoryMembershipProvider. You can use the built-in login control.
1.)您应该设置web.config以使用Forms身份验证。成员资格提供程序应设置为ActiveDirectoryMembershipProvider。您可以使用内置登录控件。
2.) You'd need a Active Directory user who has the specific rights you ask for: unlock accounts, changing passwords. When you perform one of those functions for a AD-user, you need to impersonate the account which ASP executes as to the Active Directory user which has the privileges (to change passwords or unlock accounts).
2.)您需要具有您要求的特定权限的Active Directory用户:解锁帐户,更改密码。当您为AD用户执行这些功能之一时,您需要模拟ASP对具有权限的Active Directory用户执行的帐户(更改密码或解锁帐户)。
#2
You may be able to use 'advapi32.dll' to impersonate a different user on the server side.
您可以使用'advapi32.dll'来模拟服务器端的其他用户。
Grab the sample code off the bottom of the page.
从页面底部抓取示例代码。
I didn’t want to just copy his code here.
我不想在这里复制他的代码。
http://csharptuning.blogspot.com/2007/06/impersonation-in-c.html
One cavet with Impersonation though is that the computer doing the impersonation needs to be on the same domain as the user that your impersonating
然而,模拟的一个问题是,进行模拟的计算机需要与您模拟的用户位于同一个域中