??????? ?????????? ?? ????? C# .NET ?? ????? ?? ?????? ??????????? ?? ??????? ???????? ???? ?? ??? ???? ????

???? ?????? ???? ??????
???? ID: 316748 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
?? ???? ?? ???????? ???? ?? ????? Microsoft .NET Framework ????? ????????? ????????:
  • System.Text
  • System.DirectoryServices
  • System.Security.Principal
  • System.Web.Security
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

??????

????????? ???? ?? ?? ??? ?? ??? ???? ?? ???? ?? asp.NET ????????? ??????? ??????????? ?????? ????????? (LDAP) ?? ????? ?? ?????? ??????????? ?? ??????? ?????????? ???????????? ?? ?????? ???? ?? ??? ??????? ??????? ????? ?? ???? ???? ?????????? ?????????? ?? ?????????????? ??, ?? ??? ?? ????? ?? ???? ???Application_AuthenticateRequest?????? ?? ???????? ???? ?? ??? Global.asax ????? ?? ??GenericPrincipal??? ????????HttpContext.User??? ?? ???? ?????? ?? ????? flows.

????? C# .NET ??? ?? asp.NET ??? ????????? ?????

??? ??? asp.NET ??? ????????? ??? ????? C# .NET FormsAuthAd ???? ????? ?? ???, ????? ????? ?? ???? ????:
  1. Microsoft Visual Studio .NET ???? ????..
  2. ????? ???????????? ??,????? ????-????? ????, ?? ???? ????????????.
  3. ????? ????,????? C# ??????????? ???????????????? ???????? ????-????? ????, ?? ???? ???ASP.NET ??? ??????????? ???????????????.
  4. ??????????????? ???, ?? ??? WebApplication1 ?????FormsAuthAd.
  5. ????? ????,OK.
  6. ????-????? ???????????????? Explorer, ?? ???? ??? ??? ????????? ??????.
  7. ????? ????.NET??? ????????? ??????????? ????? ???, ????? ????System.DirectoryServices.dll????? ????,??? ?????? ????-????? ????, ?? ???? ???OK.

??????? ??? ?????

????? ????? ?? ??? ?? ??? ???? LdapAuthentication.cs ??? ??? ????? ????? ?? ???? ????:
  1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ????? ???? ??? ?????.
  2. ????? ????,?????? ???????????????.
  3. ??????:LdapAuthentication.cs????????????? ???, ?? ???? ????????.
  4. ?????? ??? LdapAuthentication.cs ????? ??? ????? ??? ?? ???????????? ?????
    using System;
    using System.Text;
    using System.Collections;
    using System.DirectoryServices;
    
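    namespace FormsAuth
    {
      /// <summary>
      /// Validates a user's credentials by binding to the directory with them, and
      /// reads the user's group names from the memberOf attribute.
      /// </summary>
      public class LdapAuthentication
      {
        // Directory path; replaced by the user's own path after a successful login.
        private String _path;
        // The user's cn value, captured by IsAuthenticated and reused by GetGroups.
        private String _filterAttribute;

        /// <summary>Creates the helper for the given directory path.</summary>
        /// <param name="path">LDAP path of the directory to bind to.</param>
        public LdapAuthentication(String path)
        {
          _path = path;
        }

        /// <summary>
        /// Binds to the directory as domain\username and looks the user up by
        /// SAMAccountName.
        /// </summary>
        /// <param name="domain">Domain part of the logon name.</param>
        /// <param name="username">Account name, as typed by the user (untrusted).</param>
        /// <param name="pwd">Password, as typed by the user.</param>
        /// <returns>
        /// true when the bind succeeds and the user entry is found; false when the
        /// user name or password is empty or no entry matches.
        /// </returns>
        /// <exception cref="Exception">
        /// The bind or the search failed; the original error is the inner exception.
        /// </exception>
        public bool IsAuthenticated(String domain, String username, String pwd)
        {
          // An LDAP bind that carries an empty password can be accepted by the
          // server as an anonymous bind, which would report success without any
          // credential having been checked. Refuse it before touching the directory.
          if (username == null || username.Length == 0 || pwd == null || pwd.Length == 0)
          {
            return false;
          }

          String domainAndUsername = domain + @"\" + username;

          try
          {
            // AuthenticationTypes.Secure requests a negotiated (Kerberos/NTLM) bind
            // so the password is not sent as a clear-text simple bind.
            using (DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd, AuthenticationTypes.Secure))
            {
              //Bind to the native AdsObject to force authentication.
              Object obj = entry.NativeObject;

              using (DirectorySearcher search = new DirectorySearcher(entry))
              {
                // username comes straight from the login form: escape it so that
                // characters such as * ( ) \ cannot change the meaning of the filter.
                search.Filter = "(SAMAccountName=" + EscapeFilterValue(username) + ")";
                search.PropertiesToLoad.Add("cn");
                SearchResult result = search.FindOne();

                if (null == result)
                {
                  return false;
                }

                //Update the new path to the user in the directory.
                _path = result.Path;
                _filterAttribute = (String)result.Properties["cn"][0];
              }
            }
          }
          catch (Exception ex)
          {
            // Keep the original exception as InnerException so the cause and stack
            // trace stay available for server-side logging.
            throw new Exception("Error authenticating user. " + ex.Message, ex);
          }

          return true;
        }

        /// <summary>
        /// Returns the names of the groups listed in the user's memberOf attribute.
        /// </summary>
        /// <returns>
        /// The first name component of each group DN, each followed by a pipe (|);
        /// null if a DN contains no '=' after its first character.
        /// </returns>
        /// <exception cref="Exception">
        /// The search failed or found no entry; the original error is the inner
        /// exception.
        /// </exception>
        public String GetGroups()
        {
          StringBuilder groupNames = new StringBuilder();

          try
          {
            // NOTE(review): the single-string DirectorySearcher constructor takes a
            // filter, not a path. The filter is replaced on the next line, so this
            // search starts from the default search root under the identity the
            // request runs as, not under the credentials checked in
            // IsAuthenticated. Confirm that is intended.
            using (DirectorySearcher search = new DirectorySearcher(_path))
            {
              // The cn value can legitimately contain parentheses or asterisks.
              search.Filter = "(cn=" + EscapeFilterValue(_filterAttribute) + ")";
              search.PropertiesToLoad.Add("memberOf");

              SearchResult result = search.FindOne();
              if (null == result)
              {
                // Fail with a clear message instead of a NullReferenceException.
                throw new InvalidOperationException("User entry not found.");
              }

              int propertyCount = result.Properties["memberOf"].Count;

              for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
              {
                String dn = (String)result.Properties["memberOf"][propertyCounter];

                int equalsIndex = dn.IndexOf("=", 1);
                if (-1 == equalsIndex)
                {
                  return null;
                }

                // A DN with a single component has no comma; take the rest of the
                // string rather than passing a negative length to Substring.
                int commaIndex = dn.IndexOf(",", equalsIndex + 1);
                if (-1 == commaIndex)
                {
                  commaIndex = dn.Length;
                }

                // NOTE(review): a group name containing an escaped comma or a pipe
                // is cut short or split by this parsing; only the short name is
                // kept, so same-named groups in different containers or domains
                // cannot be told apart.
                groupNames.Append(dn.Substring(equalsIndex + 1, (commaIndex - equalsIndex) - 1));
                groupNames.Append("|");
              }
            }
          }
          catch (Exception ex)
          {
            throw new Exception("Error obtaining group names. " + ex.Message, ex);
          }

          return groupNames.ToString();
        }

        // Escapes the characters that are special inside an LDAP search filter value
        // (backslash, asterisk, parentheses, NUL) as \xx hexadecimal pairs.
        private static String EscapeFilterValue(String value)
        {
          if (value == null)
          {
            return String.Empty;
          }

          StringBuilder escaped = new StringBuilder(value.Length);
          foreach (char c in value)
          {
            switch (c)
            {
              case '\\': escaped.Append(@"\5c"); break;
              case '*': escaped.Append(@"\2a"); break;
              case '(': escaped.Append(@"\28"); break;
              case ')': escaped.Append(@"\29"); break;
              case '\0': escaped.Append(@"\00"); break;
              default: escaped.Append(c); break;
            }
          }
          return escaped.ToString();
        }
      }
    }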
    					
??????? ??? ?????, ??? ?????????? ???, ???????, ?? ?????? ?????????? ??? ???? ?? ??? ??? ?? ??????? ???? ??? ?? ??? LDAP ?????????? ??????? ?? ????? ???? ???

Logon.aspx ??? ??? ??? ??? LdapAuthentication.IsAuthenticated ???? ?? passes ?????????? ?? ???????? ??????????? ??? ??? ???, ?? DirectoryEntry object is created with the path to the directory tree, the user name, and the password. The user name must be in the "domain\username" format. The DirectoryEntry object then tries to force the AdsObject binding by obtaining the NativeObject ???? If this succeeds, the CN attribute for the user is obtained by creating a DirectorySearcher object and by filtering on the SAMAccountName. After the user is authenticated, the IsAuthenticated ???? ???? ?? True.

To obtain a list of groups that the user belongs to, this code calls the LdapAuthentication.GetGroups ?????? ??? The LdapAuthentication.GetGroups ???? obtains ?? ?????????? ?? ????? ???? ??? ?? ??????? ?? ????? ?????? ?? ??? ???? ???? DirectorySearcher ???????? ?? ?? ?????? ?? ??????? ???? memberOf ??????? ??? ?? ???? ?? ?? ?????? (|) ?? ?????? ??? ?????? ?? ???? ???? ???

?? ?????LdapAuthentication.GetGroups???? manipulates ?? ?????????? truncates ??? ?? ???????? ??????? ???? ??? ???????? ?? ????? ?? ?? ???? ??? ??? ??? ???????? ???? ???? ??, ???????? ???? ?? ?????? ????? ????????????
CN=...,...,DC=domain,DC=com
				
?? ?? ???? ???????? ??? ???? ???? ?? ???????? ?? ????? ???? ?? ????? ?? ???? ??, ??? ????????? ??????? ???? ?? ??????? ???? ?? ???? ??, ?? ?? ????? ????? ?? ?????????????? ????? ???????, ??? ?? ???? multi-domain ??????? ??? ???, ?? ?? ???? ?? ???? ?????? ?? ??? ????? ??? ?? ?? ???? ??? ?? ???? ??????? ????? ??? ???? ??? ?? ??? ???? ???? ?? ???? ?? ???? ?? ????? ??? differentiate ???? ?? ??? ????? ??? ?? ???? ?? ??? ???

??????? ????????? ?????? ?? 4096 ?????? ?? ?????? ???? ?? ???????? ??????? ???? ?? ????? ?? ???? ?? ???? ??, ??? ?? asp.NET ??? ???????? ?? ???? ??????? ??? ???? ??????? ?? ???????? ???? ?? ??? ?? ????? ???????? ??? ??, ?? ???? ?? ?? ???? ????? ?????????? ???? ?? ???? ???? ??? ??????? ????? ??? ?? ??????? ???????? ???? ?? ????

Global.asax ??? ?????

Global.asax ????? ??? ??? ?????? ????? ?? ??Application_AuthenticateRequest????? ??????? ?? ????? ?????? retrieves ??????? ???? ??Context.Request.Cookies??????, ???? decrypts, ?? ??? ???????? ???? ????? ?? ?????? ?? ???? retrievesFormsAuthenticationTicket.UserData???? ???? ??? ?? ???? ???? ???? Logon.aspx ????? ??? ???? ?? ????? ???

??? ?????? ???????? ?? ????? ?? ??? ?? ???????? ???? ??? ??GenericPrincipal???????? ??? ???? ???GenericPrincipal???????? ????? ??? ??, ?? ???????? ??? ??? ??HttpContext.User????
  1. ?????? Explorer ???, ???? ?????Global.asax?? ????-????? ????, ?? ???? ???????? ???.
  2. ??? behind Global.asax.cs ????? ?? ????? ?? ????? ??? ?? ??????:
    using System.Web.Security;
    using System.Security.Principal;
    					
  3. ?????? ???? ????? ?????? ?? ??? ?????Application_AuthenticateRequest????? ??? ?? ????
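    /// <summary>
    /// Rebuilds the request's principal from the forms-authentication cookie: the
    /// ticket name becomes the identity and the pipe-delimited UserData becomes the
    /// role list. Leaves Context.User untouched when there is no usable ticket.
    /// </summary>
    void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
      String cookieName = FormsAuthentication.FormsCookieName;
      HttpCookie authCookie = Context.Request.Cookies[cookieName];

      if(null == authCookie)
      {//There is no authentication cookie.
        return;
      }

      FormsAuthenticationTicket authTicket = null;

      try
      {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
      }
      catch(Exception)
      {
        //Write the exception to the Event Log.
        //A cookie that does not decrypt may have been tampered with, so it is
        //worth recording server-side; the request stays unauthenticated.
        return;
      }

      if(null == authTicket)
      {//Cookie failed to decrypt.
        return;
      }

      //Decrypt only unprotects the ticket; it does not reject one whose
      //expiration has passed. Never build a principal from an expired ticket.
      if(authTicket.Expired)
      {
        return;
      }

      //When the ticket was created, the UserData property was assigned a
      //pipe-delimited string of group names. Each name is followed by a pipe,
      //so splitting yields an empty trailing entry; drop empty entries so that
      //"" never becomes a role.
      System.Collections.ArrayList roleList = new System.Collections.ArrayList();
      foreach(String groupName in authTicket.UserData.Split(new char[]{'|'}))
      {
        if(groupName.Length > 0)
        {
          roleList.Add(groupName);
        }
      }
      String[] groups = (String[])roleList.ToArray(typeof(String));

      //Create an Identity.
      GenericIdentity id = new GenericIdentity(authTicket.Name, "LdapAuthentication");

      //This principal flows throughout the request.
      GenericPrincipal principal = new GenericPrincipal(id, groups);

      Context.User = principal;
    }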
    					

Web.config ????? ??????? ????

?? ?????? ??? ?? ????????<forms></forms>,<authentication></authentication>, ??<authorization></authorization>Web.config ????? ??? ????? ?? ?????????? ?? ??? ???? ?????? ?????????? ????????? ?? ????? ???? ???, ?? ?? Logon.aspx ????? ?? ??????? ?????? ?????????????? ???? ?? ?? ??????????? ?? ???? ??? ???????????? ?? ?????? ?? ????? ????????? ?? ??? ?????? ???? ?? ??? ??????? ?? ???? ????

?????? ??? Web.config ????? ??? ????? ??? ?? ???????????? ?????
<?xml version="1.0" encoding="utf-8" ?>
<configuration>    
  <system.web>
    <!-- Forms authentication: requests without a valid ticket are redirected to
         logon.aspx. The ticket cookie is named adAuthCookie and is sent for
         every path under "/". -->
    <!-- NOTE(review): timeout is 10 (minutes), but Logon.aspx builds its own
         ticket with DateTime.Now.AddMinutes(60); confirm which lifetime is
         intended. -->
    <!-- NOTE(review): nothing in this element forces HTTPS for the logon form
         or for the ticket cookie; over plain HTTP both the password and the
         cookie travel unencrypted. -->
    <authentication mode="Forms">
      <forms loginUrl="logon.aspx" name="adAuthCookie" timeout="10" path="/" >
      </forms>
    </authentication>	
    <!-- Rules are evaluated in order: anonymous users ("?") are denied first,
         then every remaining (authenticated) user is allowed. Group membership
         is not checked here. -->
    <authorization>	
      <deny users="?" />
      <allow users="*" />
    </authorization>	
    <!-- Run each request under the identity that IIS passes to ASP.NET. -->
    <identity impersonate="true" />
  </system.web>
</configuration>
				
?????<identity impersonate="true"></identity>??????????? ????? ???? ???? asp.NET ???? ???? ?? Microsoft ??????? ?????????? ???????? (IIS) ?? ??? ??? ???????? ???? ??? ???? ?? ?????????? ???? ?? ??? ??? ?? ??? ??? ??? ?????? ?? ?? ??????????? ???, ?? ????????? ?? ??? ??? ?????? ????? ???????? ???? ??? ???? ?? ??????? ?????? ?? ???????? ?????????? ?????? ?????????? ?? ??????? ???????? ???? ?? ??? ??????????? ?????? ???? ??, ????? ?????? ?????????? ?? ??????? ?? ?? ???? ???????? ???? ??? ???? ??? ???? ??????? ?? ???, ???????????????

IIS ???? ??????? ?? ??? ???????? ????

???? ??????? ?? ??? IIS ?? ???????? ???? ?? ??? ????? ????? ?? ???? ????:
  1. IIS, ??? ???? ????? ?? ??? ???????? ??? ?? ??????? ????, ??????? ??????? ??????, ??????? ??????????? ??? ????, ????-????? ????FormsAuthAd?? ????-????? ????, ?? ???? ??????.
  2. ????? ?????????????? ??????? ????? ????-????? ????, ?? ???? ??????????? ??????????? ????? ?? ??????? ????????.
  3. ???? ?? ????????? ?? ??? ???? ???? ?? ?????? ?????????? ?? ?????? ???? ???? ???? ????
  4. ?????? ??? IIS ??? ???????? ??????? ???????? ?? ???? ???? ?? ??? ????? ?????
  5. ? ?????????? ????? ? ??? ??? ? ?????? Windows ?????????? ? ??? ????? ?? ????? ?????
  6. ??? ????? ?????
  7. ??? ??? ???? ????
??????? IUSR_computername???? ?? ??? ?????? ?????????? ?? ?????? ???? ???

Logon.aspx ????? ?????

??? ??? asp.NET ??? ??????? Logon.aspx ???? ????? ?? ???, ????? ????? ?? ???? ????:
  1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ?????? ??????? ?????.
  2. ??????:Logon.aspx????????????? ???, ?? ???? ????????.
  3. ?????? Explorer ???, ???? ?????Logon.aspx?? ????-????? ????, ?? ???? ???????? ???????.
  4. ????? ????html??? ??????? ??? ???
  5. ?????? ??? ?? ????? ??? ?? ???????????? ?????
    <%@ Page language="c#" AutoEventWireup="true" %>
    <%@ Import Namespace="FormsAuth" %>
    <html>
      <body>	
        <form id="Login" method="post" runat="server">
          <asp:Label ID="Label1" Runat=server >Domain:</asp:Label>
          <asp:TextBox ID="txtDomain" Runat=server ></asp:TextBox><br>    
          <asp:Label ID="Label2" Runat=server >Username:</asp:Label>
          <asp:TextBox ID=txtUsername Runat=server ></asp:TextBox><br>
          <asp:Label ID="Label3" Runat=server >Password:</asp:Label>
          <asp:TextBox ID="txtPassword" Runat=server TextMode=Password></asp:TextBox><br>
          <asp:Button ID="btnLogin" Runat=server Text="Login" OnClick="Login_Click"></asp:Button><br>
          <asp:Label ID="errorLabel" Runat=server ForeColor=#ff3300></asp:Label><br>
          <asp:CheckBox ID=chkPersist Runat=server Text="Persist Cookie" />
        </form>	
      </body>
    </html>
    <script runat=server>
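    /// <summary>
    /// Checks the submitted credentials against the directory and, on success,
    /// issues an encrypted forms-authentication ticket whose UserData carries the
    /// user's group names, then redirects to the originally requested page.
    /// </summary>
    void Login_Click(Object sender, EventArgs e)
    {
      String adPath = "LDAP://corp.com"; //Fully-qualified Domain Name
      LdapAuthentication adAuth = new LdapAuthentication(adPath);
      try
      {
        if(adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text))
        {
          String groups = adAuth.GetGroups();
          if(null == groups)
          {
            //GetGroups returns null when it cannot parse a group DN; store an
            //empty role list rather than a null UserData.
            groups = String.Empty;
          }

          //Create the ticket, and add the groups.
          //NOTE(review): the ticket name is the bare user name without the
          //domain, and the 60-minute lifetime is set here rather than taken
          //from the <forms timeout> setting; confirm both are intended.
          bool isCookiePersistent = chkPersist.Checked;
          FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, txtUsername.Text,
            DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups);

          //Encrypt the ticket.
          String encryptedTicket = FormsAuthentication.Encrypt(authTicket);

          //Create a cookie, and then add the encrypted ticket to the cookie as data.
          HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

          //Scope the cookie to the configured forms path, and mark it Secure when
          //the login itself arrived over HTTPS so that the browser does not send
          //the ticket over plain HTTP afterwards.
          authCookie.Path = FormsAuthentication.FormsCookiePath;
          authCookie.Secure = Request.IsSecureConnection;

          if(isCookiePersistent)
          {
            authCookie.Expires = authTicket.Expiration;
          }

          //Add the cookie to the outgoing cookies collection.
          Response.Cookies.Add(authCookie);

          //You can redirect now.
          Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
        }
        else
        {
          errorLabel.Text = "Authentication did not succeed. Check user name and password.";
        }
      }
      catch(Exception)
      {
        //Write the exception to the Event Log.
        //The directory's own error text can reveal server and account details,
        //so the page shows a generic message and the detail stays server-side.
        errorLabel.Text = "Error authenticating. Check user name and password, or try again later.";
      }
    }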
    </script>
  6. ???? LDAP ?????????? ????? ?? ????? ???? ?? ??? Logon.aspx ????? ??? ?? ?? ??????? ?????
Logon.aspx ????? ?? ???? ????? ?? ?? ?????????? ?? ??? ??????? ??? ?? ??????? ??????? ???? ??LdapAuthentication????? ??? ?????????? authenticates ?? ???? ?? ?? ???? obtains ??, ?? ??? ??? ????? ?? ??FormsAuthenticationTicket????????, ???? encrypts, ???? ???? ???????????? ???? ????? ??, ???? ?? ????? ??HttpResponse.Cookies??????, ?? ???? ??? ??? ??? ?? ?????? ???? ??? URL ?? ??? ?????? ?????

WebForm1.aspx ????? ?? ??????? ????

WebForm1.aspx ????? ??? ??? ??? ?? ?????? ?? ?? ????? ??? ?? ?????????? ?? ????? ?? ?????? ???? ??, ?? ?????? ???? ?? ??? Logon.aspx ?????????????? ?? ?????? ?????? ?????????? ??, ?? ??? ?????? WebForm1.aspx ????? ?? ??? ?????????????? ???
  1. ?????? Explorer ???, ???? ?????WebForm1.aspx?? ????-????? ????, ?? ???? ???????? ???????.
  2. ????? ????html??? ??????? ??? ???
  3. ?????? ??? ?? ????? ??? ?? ???????????? ?????
    <%@ Page language="c#" AutoEventWireup="true" %>
    <%@ Import Namespace="System.Security.Principal" %>
    <html>
      <body>	
        <form id="Form1" method="post" runat="server">
          <asp:Label ID="lblName" Runat=server /><br>
          <asp:Label ID="lblAuthType" Runat=server />
        </form>	
      </body>
    </html>
    <script runat=server>
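    /// <summary>
    /// Shows the authenticated user's name and the authentication type taken from
    /// the principal attached to the current request.
    /// </summary>
    void Page_Load(Object sender, EventArgs e)
    {
      //Label.Text is written to the page as-is, so HTML-encode values that
      //originate from the authentication ticket before displaying them.
      lblName.Text = "Hello " + Server.HtmlEncode(Context.User.Identity.Name) + ".";
      lblAuthType.Text = "You were authenticated using " + Server.HtmlEncode(Context.User.Identity.AuthenticationType) + ".";
    }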
    </script>
    					
  4. ??? ?????? ?? ??????, ?? ?? ????????? ??????? ?????
  5. WebForm1.aspx ????? ?? ??? ?????? ????? ????? ??? ?? ?? Logon.aspx ???? ?? ??? ?????????????? ????
  6. ????? ??????????? ???? ????, ?? ???? ??? ????? ????????? ????. ?? ?? WebForm1.aspx ???? ?? ??? ?????????????? ???, ?? ????? ?? ???? ?????????? ??? ????? ?? ?? ??LdapAuthentication?? ??? ??????? ?????? ??Context.User.AuthenticationType????
???:Microsoft ??????? ???? ?? ?? ??????? ??????? ???? (SSL) ?? ??????????? ??????? ??????? ?? ????? ????? ?? ??????? ?????????? ??????? ???? ?? ?????? ?????? ??, ?? SSL ??????????? ?? ????????? ?? ??? ?? ??????? ???? ?? ??? ?? ???? ???????? ??????? ???????? ???? ?? ??? ?? ?? compromising ?? ????? ???

??????

???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ???????? ????? ????::
306590ASP.NET ??????? ????????? ??????
317012ASP.NET ??? ????????? ?? ?????? ?????
311495???????-?????? ?????????? ?? ??? ???-?????? ??????? ????? C# .NET ?? ????? ?? ???? asp.NET ????????? ??? ??????????? ???? ?? ??? ???? ????
313091??????? ?????????? ??? ????? ?? ??? Visual Basic .NET ?? ????? ?? ????? ?? ????? ?? ??? ???? ????
313116??????? ??????? ?????? loginUrl ????? ?? ??? ????????? ???? ???

???

???? ID: 316748 - ????? ???????: 04 ?????? 2010 - ??????: 2.0
???? ???? ???? ??:
  • Microsoft Visual C# .NET 2003 Standard Edition
  • Microsoft Visual C# .NET 2002 Standard Edition
  • Microsoft ASP.NET 1.1
  • Microsoft ASP.NET 1.0
??????: 
kbconfig kbcookie kbhowtomaster kbsecurity kbwebforms kbmt KB316748 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:316748

??????????? ???

 
