1. AD上先在Users裡建一個帳號,例如sync
 
2. Framework 2.0的web.config先加
<system.web>
        <!-- Framework 2.0 build settings for the site: debug compilation is off here. -->
        <compilation debug="false" strict="false" explicit="true">
              <assemblies>
                         <!-- Reference to the 2.0 System.DirectoryServices assembly; Login.aspx.cs imports this namespace for DirectoryEntry. -->
                         <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
              </assemblies>
        </compilation>
</system.web>
 
如為Framework 4.0,web.config則加
<system.web>
        <!-- NOTE(review): debug="true" is set here, unlike the Framework 2.0 snippet. Debug compilation is a development setting; use debug="false" on a deployed site. -->
        <compilation debug="true" targetFramework="4.0">
                <assemblies>
                        <!-- Reference to the 4.0 System.DirectoryServices assembly; Login.aspx.cs imports this namespace for DirectoryEntry. -->
                        <add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                </assemblies>
        </compilation>
</system.web>
 
 
Login.aspx
 
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" debug="true" %>
<%-- NOTE(review): debug="true" on the Page directive turns on debug compilation for this page; switch it off outside development. --%>
<html>
<head>
<title>AD驗證測試</title>
 
</head>
<body bgcolor="#ffffff">
<%-- Credential form: TextBox1 takes the account name, TextBox2 the password (masked input), and Button1 posts back to Button1_Click in the code-behind. --%>
<%-- NOTE(review): the password travels in the postback body, so this page should only be served over HTTPS. --%>
<form id="form1" runat="server">
帳號:<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br><br>
密碼:<asp:TextBox ID="TextBox2" runat="server" TextMode="Password"></asp:TextBox><br><br>
<asp:Button ID="Button1" runat="server" Text="登   入" OnClick="Button1_Click" />
 
<%-- Placeholder label; it is declared with empty text in this markup. --%>
<asp:Label ID="Label99" runat="server" Text=""></asp:Label>
</form>
</body>
</html>
 
 
Login.aspx.cs
 
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
 
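/// <summary>
/// Code-behind for Login.aspx: takes the account name and password typed into
/// the form and checks them by binding to a directory server with those
/// credentials.
/// </summary>
public partial class Login : System.Web.UI.Page
{
    /// <summary>Page load handler; intentionally does nothing.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Click handler for the login button. Validates the submitted credentials
    /// and reports the outcome in Label99.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Sample directory server address; replace with the real domain controller.
        string strComputerName = "192.168.1.1";
        string strUserName = TextBox1.Text;
        string strPassword = TextBox2.Text;

        string strValidateUser = ValidateUser(strComputerName, strUserName, strPassword);

        // The account name comes straight from the request. It used to be
        // concatenated into an inline <script> block, which let a crafted name
        // break out of the string literal and run script in the page (XSS).
        // It is now HTML-encoded and shown in the page's label instead; the
        // Label control does not encode its Text on its own.
        string safeUserName = HttpUtility.HtmlEncode(strUserName);

        if (strValidateUser != null)
        {
            Label99.Text = safeUserName + "認證成功!!!";
        }
        else
        {
            Label99.Text = safeUserName + "認證失敗!!!";
        }
    }

    /// <summary>
    /// Checks a user name and password by binding to a directory with them and
    /// reading the <c>objectSid</c> property of the bound entry.
    /// </summary>
    /// <param name="ComputerName">
    /// Host to bind against. A value containing a dot is treated as a DNS name
    /// or IP address and reached through the LDAP provider; anything else is
    /// reached through the WinNT provider.
    /// </param>
    /// <param name="UserName">Account name to authenticate.</param>
    /// <param name="Password">Password for <paramref name="UserName"/>.</param>
    /// <returns>
    /// The SID string read from the bound entry when the bind and the property
    /// read succeed; <c>null</c> on any failure. In the LDAP case the entry is
    /// the fixed CN=sync object, so the SID is that object's and not the SID of
    /// <paramref name="UserName"/>; treat a non-null result only as "the
    /// credentials were accepted".
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="ComputerName"/> is <c>null</c>.
    /// </exception>
    public static string ValidateUser(string ComputerName, string UserName, string Password)
    {
        if (ComputerName == null)
        {
            throw new ArgumentNullException("ComputerName");
        }

        // Reject blank credentials before touching the directory: some
        // directory configurations accept a bind with an empty password as an
        // anonymous bind, which would otherwise count as a successful login.
        if (string.IsNullOrEmpty(UserName) || string.IsNullOrEmpty(Password))
        {
            return null;
        }

        string path;
        if (ComputerName.IndexOf('.') != -1)
        {
            // The DN names the object whose objectSid is read after the bind.
            // Per the original author: use CN=sync if that account was created
            // in AD, otherwise CN=administrator can be substituted.
            // The original listing left this path unquoted and hard-coded the
            // host; it is now a string literal built from ComputerName.
            path = "LDAP://" + ComputerName + "/CN=sync,CN=users,DC=test,DC=com";
        }
        else
        {
            path = "WinNT://" + ComputerName;
        }

        using (DirectoryEntry entry = new DirectoryEntry(path, UserName, Password))
        {
            try
            {
                // Reading a property forces the bind; bad credentials surface
                // here as an exception.
                return new SecurityIdentifier((byte[])entry.Properties["objectSid"].Value, 0).Value;
            }
            catch (Exception)
            {
                // Deliberate best-effort: every failure (rejected credentials,
                // unreachable server, missing property) is reported as "not
                // authenticated" rather than leaking details to the caller.
                return null;
            }
        }
    }
}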
 