ASP.NET的Core|ASP.NET的Core AD域登录过程示例 ASP.NET的CoreAD域登录过程示例

来个ABC：

新建一个ASP.NET Core项目
建立一个LDAP操作的工具类
在applicationSettings.json中添加基本的域配置
Startup.cs中修改
AccountController中添加登录和注销的Action

在选择AD登录时，其实可以直接选择 Windows 授权，不过因为有些网站需要的是LDAP获取信息进行授权，而非直接依赖Web Server自带的Windows 授权功能。
当然如果使用的是Azure AD/企业账号登录时，直接在ASP.NET Core创建项目时选择就好了。

来个ABC：
新建一个ASP.NET Core项目
Nuget引用dependencies / 修改```project.json```

【ASP.NET的Core|ASP.NET的Core AD域登录过程示例】Novell.Directory.Ldap.NETStandard
Microsoft.AspNetCore.Authentication.Cookies

版本如下：

"Novell.Directory.Ldap.NETStandard": "2.3.5",
"Microsoft.AspNetCore.Authentication.Cookies": "1.1.0"

本文的AD登录使用的是第三方的
```Novell.Directory.Ldap.NETStandard``` 进行的LDAP操作（还没有看这个LDAP的库是否有安全性问题，如果有需要修改或更换）

建立一个LDAP操作的工具类
代码在下面链接中，就不单独贴了，基本上就2个方法：
Register是获取基本配置信息的
Validate是来验证用户名密码的

using System; using Microsoft.Extensions.Configuration; using Novell.Directory.Ldap; namespace Demo{public class LDAPUtil{public static string Host { get; private set; }public static string BindDN { get; private set; }public static string BindPassword { get; private set; }public static int Port { get; private set; }public static string BaseDC { get; private set; }public static string CookieName { get; private set; }public static void Register(IConfigurationRoot configuration){Host = configuration.GetValue("LDAPServer"); Port = configuration?.GetValue("LDAPPort") ?? 389; BindDN = configuration.GetValue("BindDN"); BindPassword = configuration.GetValue("BindPassword"); BaseDC = configuration.GetValue("LDAPBaseDC"); CookieName = configuration.GetValue("CookieName"); }public static bool Validate(string username, string password){try{using (var conn = new LdapConnection()){conn.Connect(Host, Port); conn.Bind($"{BindDN},{BaseDC}", BindPassword); var entities =conn.Search(BaseDC,LdapConnection.SCOPE_SUB,$"(sAMAccountName={username})",new string[] { "sAMAccountName" }, false); string userDn = null; while (entities.hasMore()){var entity = entities.next(); var account = entity.getAttribute("sAMAccountName"); //If you need to Case insensitive, please modify the below code.if (account != null && account.StringValue =https://www.it610.com/article/= username){userDn = entity.DN; break; }}if (string.IsNullOrWhiteSpace(userDn)) return false; conn.Bind(userDn, password); // LdapAttribute passwordAttr = new LdapAttribute("userPassword", password); // var compareResult = conn.Compare(userDn, passwordAttr); conn.Disconnect(); return true; }}catch (LdapException){return false; }catch (Exception){ return false; }}}}

在applicationSettings.json中添加基本的域配置
"LDAPServer": "192.168.1.1",//域服务器
"LDAPPort": 389,//端口，一般默认就是这个
"CookieName": "testcookiename",//使用Cookie登录的Cookie的Key
"BindDN": "CN=DoWebUser,CN=Users",//用来获取LDAP的信息用户的用户名
"BindPassword": "!DoWebUserPassword",//用来获取LDAP的信息的用户的密码，即DoWebUser的密码
"LDAPBaseDC": "DC=aspnet,DC=com",//域的DC

Startup.cs中修改
Startup方法中：

LDAPUtil.Register(Configuration);

ConfigureServices 方法中：

services.AddAuthorization(options =>{});

Configure方法中：

app.UseCookieAuthentication(new CookieAuthenticationOptions(){AuthenticationScheme = Configuration.GetValue("CookieName"),LoginPath = new PathString("/Account/Login/"),AccessDeniedPath = new PathString("/Account/Login/"),AutomaticAuthenticate = true,AutomaticChallenge = true});

AccountController中添加登录和注销的Action
登录的页面：

[AllowAnonymous]public IActionResult Login(){return View(); }

登录的Post页面：

[HttpPost][AllowAnonymous]public async Task Login(string u, string p){if (LDAPUtil.Validate(u, p)){var identity = new ClaimsIdentity(new MyIdentity(u)); //这个MyIdentity只是一个祼的IIdentity的实现的类var principal = new ClaimsPrincipal(identity); await HttpContext.Authentication.SignInAsync(LDAPUtil.CookieName, principal); return RedirectToAction("Index", "Home"); }return View(); }

注销的页面：

[Authorize]public async Task Logout(){await HttpContext.Authentication.SignOutAsync(LDAPUtil.CookieName); return RedirectToAction("Index", "Home"); }

Demo
https://github.com/chsword/aspnet-core-ad-authentication
引用
https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard
https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Cookies/
以上就是ASP.NET的Core AD域登录过程示例的详细内容，更多关于ASP.NET Core AD域登录的资料请关注脚本之家其它相关文章！