  • ldap实现用户认证

    LDAP的用户认证类。

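    /// <summary>
    /// LDAP authentication helper: opens a directory connection with a service account and
    /// verifies end-user credentials by looking the user up and binding as that user.
    /// </summary>
    /// <remarks>
    /// Every bind in this class uses <see cref="AuthenticationTypes.None"/>, which the LDAP
    /// provider treats as a simple bind. Unless the path itself is protected in transit
    /// (for example LDAPS or a tunnel), the service-account and user passwords are sent
    /// unencrypted, so review the transport before using this outside a lab network.
    /// </remarks>
    public class LDAPHelper
    {
        // Connection bound with the service account; assigned by OpenConnection.
        private DirectoryEntry _objDirectoryEntry;

        /// <summary>
        /// Opens the directory connection with the service account.
        /// </summary>
        /// <param name="LADPath">LDAP address, e.g. "LDAP://***.***.48.110:389/dc=***,dc=com"</param>
        /// <param name="authUserName">Bind user name, e.g. "cn=root,dc=***,dc=com"</param>
        /// <param name="authPWD">Bind password</param>
        /// <returns>True when the bound entry exposes at least one property; otherwise false.</returns>
        public bool OpenConnection(string LADPath, string authUserName, string authPWD)
        {
            // Release a connection left over from an earlier call instead of leaking it.
            if (null != _objDirectoryEntry)
            {
                _objDirectoryEntry.Close();
            }

            _objDirectoryEntry = new DirectoryEntry(LADPath, authUserName, authPWD, AuthenticationTypes.None);

            // DirectoryEntry binds lazily, so the credentials are only exercised when
            // Properties is read. A failed bind is expected to surface here as an exception,
            // which is left to propagate to the caller exactly as before.
            return _objDirectoryEntry.Properties != null && _objDirectoryEntry.Properties.Count > 0;
        }

        /// <summary>
        /// Checks whether a user name and password are correct.
        /// </summary>
        /// <param name="strLDAPFilter">
        /// Complete search filter, built from a template such as (|(uid= {0})(cn={0})). The
        /// caller must escape the user-supplied value (RFC 4515) before substituting it;
        /// this method passes the filter to the directory unchanged.
        /// </param>
        /// <param name="TestUserID">User id under test (not read by this method).</param>
        /// <param name="TestUserPwd">Password under test; an empty value is always rejected.</param>
        /// <param name="ErrorMessage">Receives a diagnostic message when the check cannot be completed.</param>
        /// <returns>True only when the user was found and a bind with the given password succeeded.</returns>
        public bool CheckUidAndPwd(string strLDAPFilter, string TestUserID, string TestUserPwd, ref string ErrorMessage)
        {
            // An empty password must never authenticate. The previous code reported success
            // for any user that merely existed, and many directory servers accept a simple
            // bind with an empty password as an unauthenticated bind. Reject it up front,
            // before any directory access.
            if (string.IsNullOrEmpty(TestUserPwd))
            {
                ErrorMessage = "密码不能为空";
                return false;
            }

            bool blRet = false;
            try
            {
                // Search below the service-account connection for the user entry.
                using (DirectorySearcher deSearch = new DirectorySearcher(_objDirectoryEntry))
                {
                    deSearch.Filter = strLDAPFilter;
                    deSearch.SearchScope = SearchScope.Subtree;

                    // Only the first match is used.
                    SearchResult objSearResult = deSearch.FindOne();

                    if (null != objSearResult && !string.IsNullOrEmpty(objSearResult.Path))
                    {
                        // Everything after the last '/' of the ADsPath is used as the bind name.
                        int pos = objSearResult.Path.LastIndexOf('/');
                        string uid = objSearResult.Path.Remove(0, pos + 1);

                        // Bind as the user; reading Properties forces the bind to happen.
                        using (DirectoryEntry objUserEntry = new DirectoryEntry(objSearResult.Path, uid, TestUserPwd, AuthenticationTypes.None))
                        {
                            blRet = objUserEntry.Properties.Count > 0;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // A rejected bind is expected to land here as well as genuine directory errors.
                if (null != _objDirectoryEntry)
                {
                    _objDirectoryEntry.Close();
                }

                // Report the message rather than the stack trace: callers display this string,
                // and internal call paths do not belong in user-facing output. The message may
                // still carry server detail, so log it rather than echoing it to untrusted clients.
                ErrorMessage = "检测异常:" + ex.Message;
            }
            return blRet;
        }

        /// <summary>
        /// Closes the service-account connection if one is open.
        /// </summary>
        public void closeConnection()
        {
            if (null != _objDirectoryEntry)
            {
                _objDirectoryEntry.Close();
            }
        }
    }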

    调用过程如下

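     /// <summary>
     /// Click handler of the test form: builds the search filter from the form fields, runs
     /// the credential check through LDAPHelper and shows the outcome in the log box and a
     /// message box.
     /// </summary>
     private void btnCheck_Click(object sender, EventArgs e)
            {
                // Escape the user name before it goes into the filter template, so that
                // characters such as '*', '(' and ')' are matched literally instead of
                // changing the structure of the filter.
                // Example template: (&(objectClass=user)(sAMAccountName={0}))
                string strLDAPFilter = string.Format(txtFilter.Text, EscapeLdapFilterValue(txtUserName.Text.Trim()));

                string TestUserID = txtUserName.Text;
                string TestUserPwd = txtPwd.Text;
                string strLDAPPath = txtLDAP.Text;
                string strLDAPAdminName = txtLUserName.Text;
                string strLDAPAdminPwd = txtLPwd.Text;
                string strMsg = "";

                LDAPHelper objldap = new LDAPHelper();
                try
                {
                    bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd);
                    if (blRet)
                    {
                        blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);

                        // The password is deliberately left out of the messages: they are kept
                        // in the on-screen log, where a cleartext password would stay readable.
                        if (blRet)
                        {
                            strMsg = "检测用户名" + TestUserID + "和密码成功";
                        }
                        else if (string.IsNullOrEmpty(strMsg))
                        {
                            strMsg = "检测用户名" + TestUserID + "和密码失败";
                        }
                    }
                }
                finally
                {
                    // Always release the service-account connection, including on failure.
                    objldap.closeConnection();
                }

                // Newest entry first; the separators are written as explicit line breaks.
                this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
                MessageBox.Show(strMsg);
            }

            /// <summary>
            /// Escapes the characters that are special inside an LDAP search filter value
            /// (RFC 4515): backslash, asterisk, parentheses and NUL.
            /// </summary>
            private static string EscapeLdapFilterValue(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return value;
                }

                // The backslash is replaced first so the escapes added below are not re-escaped.
                return value.Replace("\\", "\\5c")
                            .Replace("*", "\\2a")
                            .Replace("(", "\\28")
                            .Replace(")", "\\29")
                            .Replace("\0", "\\00");
            }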
        }

    调用过程1

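    // Authenticates the posted user name and password against the directory and writes the
    // result to the response. checkResult stays false unless the user is found and a bind
    // with the supplied password succeeds.
    bool checkResult = false;
    try
    {
        // NOTE(review): Request.Params also reads the query string and cookies; credentials
        // sent in a URL tend to end up in logs, so consider accepting them from a POST body only.
        string username = Request.Params.Get("username");
        string userpwd = Request.Params.Get("userpwd");
        string strLADPath = "LDAP://OU=事业部,DC=HOLD,DC=Company,DC=COM";

        // Never attempt a bind with a missing user name or password: a directory may accept
        // an empty-password bind as an unauthenticated one, which must not count as a login.
        if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(userpwd))
        {
            // Escape filter metacharacters (RFC 4515) so the request value is matched
            // literally and cannot alter the structure of the search filter. The backslash
            // goes first so the escapes added afterwards are not re-escaped.
            string safeUsername = username.Replace("\\", "\\5c")
                                          .Replace("*", "\\2a")
                                          .Replace("(", "\\28")
                                          .Replace(")", "\\29")
                                          .Replace("\0", "\\00");

            using (DirectoryEntry objEntry = new DirectoryEntry(strLADPath))
            {
                objEntry.AuthenticationType = AuthenticationTypes.None;

                using (DirectorySearcher deSearch = new DirectorySearcher(objEntry))
                {
                    // Look the account up by its sAMAccountName.
                    deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + safeUsername + "))";
                    deSearch.SearchScope = SearchScope.Subtree;

                    // Only the first match is used.
                    SearchResult results = deSearch.FindOne();
                    if (null != results)
                    {
                        // Bind as the user; reading Properties forces the bind to happen.
                        using (DirectoryEntry objUserEntry = new DirectoryEntry(results.Path, username, userpwd))
                        {
                            if (null != objUserEntry.Properties && objUserEntry.Properties.Contains("cn"))
                            {
                                checkResult = true;
                            }
                        }
                    }
                }
            }
        }

        Response.Write("认证结果:" + checkResult.ToString());
    }
    catch (System.Exception ex)
    {
        // Keep the detail on the server; a stack trace in the response exposes internal
        // call paths to whoever submitted the request.
        System.Diagnostics.Trace.TraceError("LDAP authentication failed: " + ex);
        Response.Write("认证异常");
        Response.Write("认证结果:" + checkResult.ToString());
    }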
  • 原文地址:https://www.cnblogs.com/waban/p/5249509.html