C#开发中Windows域认证登录2(扩展吉日嘎拉GPM系统)

原文地址:http://www.cuiwenyuan.com/shanghai/post/Windows-AD-Logon-Intergrated-into-Jirigala-GPM-DotNet-Business.html

上午写了一篇《C#开发中Windows域认证登录》,然后跟吉日嘎拉沟通了一下,还是把这个Windows AD用户登录的功能扩展到DotNet.Business中,重新命名为LDAP方式的登录,因为需要引用System.DirectoryServices,暂时用不到此功能的朋友,可以exclude此文件(DotNet.Business\WebUtilities\Utilities.LogOnLDAP.cs)。

 

//-----------------------------------------------------------------
// All Rights Reserved , Copyright (C) 2013 , Hairihan TECH, Ltd .
//-----------------------------------------------------------------

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Text;
using System.Web;
using System.Web.Caching;
using System.Web.Security;
using System.DirectoryServices;
using DotNet.Utilities;

namespace DotNet.Business
{
    /// <summary>
    /// LDAP登录功能相关部分
    /// </summary>
    public partial class Utilities
    {
        // LDAP域用户登录部分:包括Windows AD域用户登录
        #region public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)
        /// <summary>
        /// 验证LDAP用户
        /// </summary>
        /// <param name="domain"></param>
        /// <param name="lDAP">LDAP</param>
        /// <param name="userName">域用户名</param>
        /// <param name="password">域密码</param>
        /// <param name="permissionCode">权限编号</param>
        /// <param name="persistCookie">是否保存密码</param>
        /// <param name="formsAuthentication">表单验证,是否需要重定位</param>
        /// <param name="statusCode"></param>
        /// <param name="statusMessage"></param>
        /// <returns></returns>
        public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)
        {
            DirectoryEntry dirEntry = new DirectoryEntry();
            dirEntry.Path = lDAP;
            dirEntry.Username = domain + "\\" + userName;
            dirEntry.Password = password;
            dirEntry.AuthenticationType = AuthenticationTypes.Secure;

            try
            {
                DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);
                dirSearcher.Filter = String.Format("(&(objectClass=user)(samAccountName={0}))", userName);
                System.DirectoryServices.SearchResult result = dirSearcher.FindOne();
                if (result != null)
                {
                    // 统一的登录服务
                    DotNetService dotNetService = new DotNetService();
                    BaseUserInfo userInfo = dotNetService.LogOnService.LogOnByUserName(Utilities.GetUserInfo(), userName, out statusCode, out statusMessage);
                    // 检查身份
                    if (statusCode.Equals(Status.OK.ToString()))
                    {
                        userInfo.IPAddress = GetIPAddressId();

                        bool isAuthorized = true;
                        // 用户是否有哪个相应的权限
                        if (!string.IsNullOrEmpty(permissionCode))
                        {
                            isAuthorized = dotNetService.PermissionService.IsAuthorized(userInfo, permissionCode, null);
                        }
                        // 有相应的权限才可以登录
                        if (isAuthorized)
                        {
                            if (persistCookie)
                            {
                                // 相对安全的方式保存登录状态
                                // SaveCookie(userName, password);
                                // 内部单点登录方式
                                SaveCookie(userInfo);
                            }
                            else
                            {
                                RemoveUserCookie();
                            }
                            LogOn(userInfo, formsAuthentication);
                        }
                        else
                        {
                            statusCode = Status.LogOnDeny.ToString();
                            statusMessage = "访问被拒绝、您的账户没有后台管理访问权限。";
                        }
                    }

                    return userInfo;
                }
                else
                {
                    statusCode = Status.LogOnDeny.ToString();
                    statusMessage = "应用系统用户不存在,请联系管理员。";
                    return null;
                }
            }
            catch (Exception e)
            {
                //Logon failure: unknown user name or bad password.
                statusCode = Status.LogOnDeny.ToString();
                statusMessage = "域服务器返回信息" + e.Message.Replace("\r\n", "");
                return null;
            }

            
        }
        #endregion

    }
}

 

 

前端的登录文件-SigninLDAP.aspx,代码较多可参考Signin.aspx。

你可能感兴趣的:(C#开发中Windows域认证登录2(扩展吉日嘎拉GPM系统))