??????? ?????????? ?? ????? C# .NET ?? ????? ?? ?????? ??????????? ?? ??????? ???????? ???? ?? ??? ???? ????

????? ?? ???? ????

????? C# .NET ??? ?? asp.NET ??? ????????? ?????

1. Microsoft Visual Studio .NET ???? ????..
2. ????? ???????????? ??,????? ????-????? ????, ?? ???? ????????????.
3. ????? ????,????? C# ??????????? ???????????????? ???????? ????-????? ????, ?? ???? ???ASP.NET ??? ??????????? ???????????????.
4. ??????????????? ???, ?? ??? WebApplication1 ?????FormsAuthAd.
5. ????? ????,OK.
6. ????-????? ???????????????? Explorer, ?? ???? ??? ??? ????????? ??????.
7. ????? ????.NET??? ????????? ??????????? ????? ???, ????? ????System.DirectoryServices.dll????? ????,??? ?????? ????-????? ????, ?? ???? ???OK.

????? ?? ???? ????

??????? ??? ?????

1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ????? ???? ??? ?????.
2. ????? ????,?????? ???????????????.
3. ??????:LdapAuthentication.cs????????????? ???, ?? ???? ????????.
4. ?????? ??? LdapAuthentication.cs ????? ??? ????? ??? ?? ???????????? ?????

   using System;
   using System.Text;
   using System.Collections;
   using System.DirectoryServices;
   
   namespace FormsAuth
   {	
     public class LdapAuthentication
     {
       private String _path;
       private String _filterAttribute;
   
       public LdapAuthentication(String path)
       {
         _path = path;
       }
   		
       public bool IsAuthenticated(String domain, String username, String pwd)
       {
         String domainAndUsername = domain + @"\" + username;
         DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
   			
         try
         {	//Bind to the native AdsObject to force authentication.			
            Object obj = entry.NativeObject;
   
   	DirectorySearcher search = new DirectorySearcher(entry);
   
   	search.Filter = "(SAMAccountName=" + username + ")";
   	search.PropertiesToLoad.Add("cn");
   	SearchResult result = search.FindOne();
   
   	if(null == result)
   	{
     	  return false;
   	}
   
   	//Update the new path to the user in the directory.
   	_path = result.Path;
   	_filterAttribute = (String)result.Properties["cn"][0];
         }
         catch (Exception ex)
         {
           throw new Exception("Error authenticating user. " + ex.Message);
         }
   
   	return true;
        }
   
        public String GetGroups()
        {
          DirectorySearcher search = new DirectorySearcher(_path);
          search.Filter = "(cn=" + _filterAttribute + ")";
          search.PropertiesToLoad.Add("memberOf");
          StringBuilder groupNames = new StringBuilder();
   
          try
          {
            SearchResult result = search.FindOne();
   
   	 int propertyCount = result.Properties["memberOf"].Count;
   
      	 String dn;
   	 int equalsIndex, commaIndex;
   				
   	 for(int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
   	 {
   	   dn = (String)result.Properties["memberOf"][propertyCounter];
   
       	   equalsIndex = dn.IndexOf("=", 1);
   	   commaIndex = dn.IndexOf(",", 1);
   	   if(-1 == equalsIndex)
   	   {
   	     return null;
        	   }
   
              groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
   	   groupNames.Append("|");
   
       	 }
          }
          catch(Exception ex)
          {
            throw new Exception("Error obtaining group names. " + ex.Message);
          }			
          return groupNames.ToString();
        }
      }
   }
   					

CN=...,...,DC=domain,DC=com
				

????? ?? ???? ????

Global.asax ??? ?????

1. ?????? Explorer ???, ???? ?????Global.asax?? ????-????? ????, ?? ???? ???????? ???.
2. ??? behind Global.asax.cs ????? ?? ????? ?? ????? ??? ?? ??????:

   using System.Web.Security;
   using System.Security.Principal;
   					

3. ?????? ???? ????? ?????? ?? ??? ?????Application_AuthenticateRequest????? ??? ?? ????

   void Application_AuthenticateRequest(Object sender, EventArgs e)
   {
     String cookieName = FormsAuthentication.FormsCookieName;
     HttpCookie authCookie = Context.Request.Cookies[cookieName];
   
     if(null == authCookie)
     {//There is no authentication cookie.
       return;
     }	
   		
     FormsAuthenticationTicket authTicket = null;
   	
     try
     {
       authTicket = FormsAuthentication.Decrypt(authCookie.Value);
     }
     catch(Exception ex)
     {
       //Write the exception to the Event Log.
       return;
     }
   	
     if(null == authTicket)
     {//Cookie failed to decrypt.
       return;		
     }		
   	
     //When the ticket was created, the UserData property was assigned a
     //pipe-delimited string of group names.
     String[] groups = authTicket.UserData.Split(new char[]{'|'});
   
     //Create an Identity.
     GenericIdentity id = new GenericIdentity(authTicket.Name, "LdapAuthentication");
   	
     //This principal flows throughout the request.
     GenericPrincipal principal = new GenericPrincipal(id, groups);
   
     Context.User = principal;
   	
   }
   					

????? ?? ???? ????

Web.config ????? ??????? ????

<?xml version="1.0" encoding="utf-8" ?>
<configuration>    
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="logon.aspx" name="adAuthCookie" timeout="10" path="/" >
      </forms>
    </authentication>	
    <authorization>	
      <deny users="?" />
      <allow users="*" />
    </authorization>	
    <identity impersonate="true" />
  </system.web>
</configuration>
				

????? ?? ???? ????

IIS ???? ??????? ?? ??? ???????? ????

1. IIS, ??? ???? ????? ?? ??? ???????? ??? ?? ??????? ????, ??????? ??????? ??????, ??????? ??????????? ??? ????, ????-????? ????FormsAuthAd?? ????-????? ????, ?? ???? ??????.
2. ????? ?????????????? ??????? ????? ????-????? ????, ?? ???? ??????????? ??????????? ????? ?? ??????? ????????.
3. ???? ?? ????????? ?? ??? ???? ???? ?? ?????? ?????????? ?? ?????? ???? ???? ???? ????
4. ?????? ??? IIS ??? ???????? ??????? ???????? ?? ???? ???? ?? ??? ????? ?????
5. ? ?????????? ????? ? ??? ??? ? ?????? Windows ?????????? ? ??? ????? ?? ????? ?????
6. ??? ????? ?????
7. ??? ??? ???? ????

????? ?? ???? ????

Logon.aspx ????? ?????

1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ?????? ??????? ?????.
2. ??????:Logon.aspx????????????? ???, ?? ???? ????????.
3. ?????? Explorer ???, ???? ?????Logon.aspx?? ????-????? ????, ?? ???? ???????? ???????.
4. ????? ????html??? ??????? ??? ???
5. ?????? ??? ?? ????? ??? ?? ???????????? ?????

   <%@ Page language="c#" AutoEventWireup="true" %>
   <%@ Import Namespace="FormsAuth" %>
   <html>
     <body>	
       <form id="Login" method="post" runat="server">
         <asp:Label ID="Label1" Runat=server >Domain:</asp:Label>
         <asp:TextBox ID="txtDomain" Runat=server ></asp:TextBox><br>    
         <asp:Label ID="Label2" Runat=server >Username:</asp:Label>
         <asp:TextBox ID=txtUsername Runat=server ></asp:TextBox><br>
         <asp:Label ID="Label3" Runat=server >Password:</asp:Label>
         <asp:TextBox ID="txtPassword" Runat=server TextMode=Password></asp:TextBox><br>
         <asp:Button ID="btnLogin" Runat=server Text="Login" OnClick="Login_Click"></asp:Button><br>
         <asp:Label ID="errorLabel" Runat=server ForeColor=#ff3300></asp:Label><br>
         <asp:CheckBox ID=chkPersist Runat=server Text="Persist Cookie" />
       </form>	
     </body>
   </html>
   <script runat=server>
   void Login_Click(Object sender, EventArgs e)
   {
     String adPath = "LDAP://corp.com"; //Fully-qualified Domain Name
     LdapAuthentication adAuth = new LdapAuthentication(adPath);
     try
     {
       if(true == adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text))
       {
         String groups = adAuth.GetGroups();
   
         //Create the ticket, and add the groups.
         bool isCookiePersistent = chkPersist.Checked;
         FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,  txtUsername.Text,
   	DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups);
   	
         //Encrypt the ticket.
         String encryptedTicket = FormsAuthentication.Encrypt(authTicket);
   		
         //Create a cookie, and then add the encrypted ticket to the cookie as data.
         HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
   
         if(true == isCookiePersistent)
   	authCookie.Expires = authTicket.Expiration;
   				
         //Add the cookie to the outgoing cookies collection.
         Response.Cookies.Add(authCookie);		
   
         //You can redirect now.
         Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
       }
       else
       {
         errorLabel.Text = "Authentication did not succeed. Check user name and password.";
       }
     }
     catch(Exception ex)
     {
       errorLabel.Text = "Error authenticating. " + ex.Message;
     }
   }
   </script>

6. ???? LDAP ?????????? ????? ?? ????? ???? ?? ??? Logon.aspx ????? ??? ?? ?? ??????? ?????

????? ?? ???? ????

WebForm1.aspx ????? ?? ??????? ????

1. ?????? Explorer ???, ???? ?????WebForm1.aspx?? ????-????? ????, ?? ???? ???????? ???????.
2. ????? ????html??? ??????? ??? ???
3. ?????? ??? ?? ????? ??? ?? ???????????? ?????

   <%@ Page language="c#" AutoEventWireup="true" %>
   <%@ Import Namespace="System.Security.Principal" %>
   <html>
     <body>	
       <form id="Form1" method="post" runat="server">
         <asp:Label ID="lblName" Runat=server /><br>
         <asp:Label ID="lblAuthType" Runat=server />
       </form>	
     </body>
   </html>
   <script runat=server>
   void Page_Load(Object sender, EventArgs e)
   {
     lblName.Text = "Hello " + Context.User.Identity.Name + ".";
     lblAuthType.Text = "You were authenticated using " +   Context.User.Identity.AuthenticationType + ".";
   }
   </script>
   					

4. ??? ?????? ?? ??????, ?? ?? ????????? ??????? ?????
5. WebForm1.aspx ????? ?? ??? ?????? ????? ????? ??? ?? ?? Logon.aspx ???? ?? ??? ?????????????? ????
6. ????? ??????????? ???? ????, ?? ???? ??? ????? ????????? ????. ?? ?? WebForm1.aspx ???? ?? ??? ?????????????? ???, ?? ????? ?? ???? ?????????? ??? ????? ?? ?? ??LdapAuthentication?? ??? ??????? ?????? ??Context.User.AuthenticationType????

????? ?? ???? ????