??????? ?????????? ?? Visual Basic .NET ?? ????? ?? ?????? ??????????? ?? ??????? ???????? ???? ?? ??? ???? ????

???? ?????? ???? ??????
???? ID: 326340 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.

??????

?? ??? ?? ??? ???? ????? ?? ?? ???? ?? asp.NET ????????? ??????? ??????????? ?????? ????????? (LDAP) ?? ????? ?? ?????? ??????????? ?? ??????? ?????????? ???????????? ?? ?????? ???? ?? ??? ??????? ??????? ????? ?? ???? ????

?????????? ?????????? ?? ?????????????? ??, ?? ??? ?? ????? ?? ???? ???Application_AuthenticateRequest?????? ?? ???????? ???? ?? ??? Global.asax ????? ?? ??GenericPrincipal??? ????????HttpContext.User??? ?? ???? ?????? ?? ????? flows.

Visual Basic .NET ??? ?? asp.NET ??? ????????? ?????

??? ??? asp.NET ??? ????????? ??? Visual Basic .NET FormsAuthAd ???? ????? ?? ???, ????? ????? ?? ???? ????:
  1. Microsoft Visual Studio .NET ???? ????..
  2. ????? ???????????? ??,????? ????-????? ????, ?? ???? ????????????.
  3. ????? ????,Visual Basic ??????????? ???????????????? ???????? ????-????? ????, ?? ???? ???ASP.NET ??? ??????????? ???????????????.
  4. ??????????????? ???,HTTP://<servername>/FormsAuthAd (???HTTP://localhost??? ?? (???? ?? ??? ??? ?? ??????? ????? ?? ????? ?? ??? ???HTTP://localhost/FormsAuthAd?? ????-????? ????, ?? ???? ???OK.
  5. ????-????? ???????????????? Explorer, ?? ???? ??? ??? ????????? ??????.
  6. ????? ????.NET??? ????????? ??????????? ????? ???, ????? ????System.DirectoryServices.dll????? ????,??? ?????? ????-????? ????, ?? ???? ???OK.

??????? ??? ?????

????? ????? ?? ??? ?? ??? ???? LdapAuthentication.vb ??? ??? ????? ????? ?? ???? ????:
  1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ????? ???? ??? ?????.
  2. ????? ????,?????? ???????????????.
  3. ??????:LdapAuthentication.vb????????????? ???, ?? ???? ????????.
  4. ?????? ??? LdapAuthentication.vb ????? ??? ????? ??? ?? ???????????? ????:
    Imports System
    Imports System.Text
    Imports System.Collections
    Imports System.DirectoryServices
    
    Namespace FormsAuth
        Public Class LdapAuthentication
    
            Dim _path As String
            Dim _filterAttribute As String
    
            Public Sub New(ByVal path As String)
                _path = path
            End Sub
    
            Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
    
                Dim domainAndUsername As String = domain & "\" & username
                Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)
    
                Try
                    'Bind to the native AdsObject to force authentication.
                    Dim obj As Object = entry.NativeObject
                    Dim search As DirectorySearcher = New DirectorySearcher(entry)
    
                    search.Filter = "(SAMAccountName=" & username & ")"
                    search.PropertiesToLoad.Add("cn")
                    Dim result As SearchResult = search.FindOne()
    
                    If (result Is Nothing) Then
                        Return False
                    End If
    
                    'Update the new path to the user in the directory.
                    _path = result.Path
                    _filterAttribute = CType(result.Properties("cn")(0), String)
    
                Catch ex As Exception
                    Throw New Exception("Error authenticating user. " & ex.Message)
                End Try
    
                Return True
            End Function
    
            Public Function GetGroups() As String
                Dim search As DirectorySearcher = New DirectorySearcher(_path)
                search.Filter = "(cn=" & _filterAttribute & ")"
                search.PropertiesToLoad.Add("memberOf")
                Dim groupNames As StringBuilder = New StringBuilder()
    
                Try
                    Dim result As SearchResult = search.FindOne()
                    Dim propertyCount As Integer = result.Properties("memberOf").Count
    
                    Dim dn As String
                    Dim equalsIndex, commaIndex As Integer
    
                    Dim propertyCounter As Integer
    
                    For propertyCounter = 0 To propertyCount - 1
                        dn = CType(result.Properties("memberOf")(propertyCounter), String)
    
                        equalsIndex = dn.IndexOf("=", 1)
                        commaIndex = dn.IndexOf(",", 1)
                        'A DN without "=" or without a "," after it cannot be parsed here.
                        If (equalsIndex = -1 OrElse commaIndex < equalsIndex) Then
                            Return Nothing
                        End If
    
                        groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                        groupNames.Append("|")
                    Next
    
                Catch ex As Exception
                    Throw New Exception("Error obtaining group names. " & ex.Message)
                End Try
    
                Return groupNames.ToString()
            End Function
        End Class
    End Namespace
    
    
    					

Explanation of the Code

The authentication code accepts a domain, a user name, a password, and a path to the tree in the Active Directory. This code uses the LDAP directory provider.
?????????? ???????
The code in the Logon.aspx page calls the LdapAuthentication.IsAuthenticated method and passes in the credentials that are collected from the user. Then, a DirectoryEntry object is created with the path to the directory tree, the user name, and the password. The user name must be in the "domain\username" format. The DirectoryEntry object then tries to force the AdsObject binding by obtaining the NativeObject property. If this succeeds, the CN attribute for the user is obtained by creating a DirectorySearcher object and by filtering on the SAMAccountName. After the user is authenticated, the IsAuthenticated method returns True.

Note: When you use LDAP to bind to an Active Directory-related object, TCP ports are being used. Increased use of LDAP with the System.DirectoryServices namespace may use all the TCP ports that are available. You may be able to reduce the TCP load by reusing the connection that you used to authenticate your user.
User Groups
To obtain a list of groups that the user belongs to, this code calls the LdapAuthentication.GetGroups method. The LdapAuthentication.GetGroups ???? obtains ?? ?????????? ?? ????? ???? ??? ?? ??????? ?? ????? ?????? ?? ??? ???? ???? DirectorySearcher ???????? ?? ?? ?????? ?? ??????? ???? memberOf ??????? ??? ?? ???? ?? ?? ?????? (|) ?? ?????? ??? ?????? ?? ???? ???? ???

?? ?????LdapAuthentication.GetGroups???? manipulates ?? ?????????? truncates ??? ?? ???????? ??????? ???? ??? ???????? ?? ????? ?? ?? ???? ??? ??? ??? ???????? ???? ???? ??, ???????? ???? ?? ?????? ?? ?? ??? ???:
CN=...,...,DC=domain,DC=com
				
?? ?? ???? ???????? ??? ???? ???? ??? ?? ???????? ?? ????? ???? ?? ????? ?? ???? ??, ?? ?????????? ???? ?? ????? ???? ?? ???? ??? ?? ???????? ???? ?? ????? ?? ???? ??????? ??? ?? ?? ???? ??, ??? ?? asp.NET ??? ???????? ?? ???? ??????? ??? ???? ??????? ?? ???????? ???? ?? ??? ?? ????? ???????? ??? ??, ?? ???? ?? ?? ???? ????? ?????????? ???? ?? ???? ???? ??? ??????? ????? ??? ?? ??????? ???????? ???? ?? ????

Global.asax ??? ?????

Global.asax ????? ??? ??? ?????? ????? ?? ??Application_AuthenticateRequest????? ??????? ?? ????? ?????? retrieves ??????? ???? ??Context.Request.Cookies??????, ???? decrypts, ?? ??? ???????? ???? ????? ?? ?????? ?? ???? retrievesFormsAuthenticationTicket.UserData???? ???? ??? ?? ???? ???? ???? Logon.aspx ????? ??? ???? ?? ????? ???

??? ?????? ???????? ?? ????? ?? ??? ?? ???????? ???? ??? ??GenericPrincipal???????? ??? ???? ???GenericPrincipal???????? ????? ??? ??, ?? ???????? ??? ??? ??HttpContext.User????
  1. ?????? Explorer ???, ???? ?????Global.asax?? ????-????? ????, ?? ???? ???????? ???.
  2. ???, Global.asax.vb ????? ?? ???? ?? ????? ?? ????? ??? ?? ??????:
    Imports System.Web.Security
    Imports System.Security.Principal
    					
  3. ?????? ???? ????? ?????? ?? ??? ?????Application_AuthenticateRequest????? ???: ?? ???
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
            ' Fires upon attempting to authenticate the user
            Dim cookieName As String = FormsAuthentication.FormsCookieName
            Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
    
            If (authCookie Is Nothing) Then
                'There is no authentication cookie.
                Return
            End If
    
            Dim authTicket As FormsAuthenticationTicket = Nothing
    
            Try
                authTicket = FormsAuthentication.Decrypt(authCookie.Value)
            Catch ex As Exception
                'Write the exception to the Event Log.
                Return
            End Try
    
            If (authTicket Is Nothing OrElse authTicket.Expired) Then
                'Cookie failed to decrypt, or the ticket has expired.
                Return
            End If
    
            'When the ticket was created, the UserData property was assigned a
            'pipe-delimited string of group names.
            Dim groups As String() = authTicket.UserData.Split(New Char() {"|"})
    
            'Create an Identity.
            Dim id As GenericIdentity = New GenericIdentity(authTicket.Name, "LdapAuthentication")
    
            'This principal flows throughout the request.
            Dim principal As GenericPrincipal = New GenericPrincipal(id, groups)
    
            Context.User = principal
    
        End Sub
    					

Web.config ????? ??????? ????

?? ?????? ??? ?? ???????????????,???????, ?????????Web.config ????? ??? ????? ?? ?????????? ?? ??? ???? ?????? ?????????? ?? ????????? ?? ????? ???? ???, ?? ?? Logon.aspx ????? ?? ??????? ?????? ?????????????? ???? ?? ?? ??????????? ?? ???? ??? ???????????? ?? ?????? ?? ????? ????????? ?? ??? ?????? ???? ?? ??? ??????? ?? ???? ????

?????? ??? Web.config ????? ??? ????? ??? ?? ???????????? ????:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>    
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="logon.aspx" name="adAuthCookie" timeout="60" path="/" >
      </forms>
    </authentication>	
    <authorization>	
      <deny users="?" />
      <allow users="*" />
    </authorization>	
    <identity impersonate="true" />
  </system.web>
</configuration>
				
?????????? ?????????? "true" = /??????????? ????? ???? ???? asp.NET ???? ???? ?? Microsoft ??????? ?????????? ???????? (IIS) ?? ??? ??? ???????? ???? ??? ???? ?? ?????????? ???? ?? ??? ??? ?? ??? ??? ??? ?????? ?? ?? ??????????? ???, ?? ????????? ?? ??? ??? ?????? ????? ???????? ???? ??? ???? ?? ??????? ?????? ?? ???????? ?????????? ?????? ?????????? ?? ??????? ???????? ???? ?? ??? ??????????? ?????? ???? ??, ????? ?????? ?????????? ?? ??????? ?? ?? ???? ???????? ???? ??? ???? ??? ???? ??????? ?? ???, ???????????????

IIS ???? ??????? ?? ??? ???????? ????

???? ??????? ?? ??? IIS ?? ???????? ???? ?? ??? ????? ????? ?? ???? ????:
  1. ??????? ?????????? ???????? (IIS) ??????? ????? ??? ??????? ?????????? ??? ?? ??? ????-?????"FormsAuthAd".
  2. ????? ???????????? ????, ?? ???? ????????????? ?????????? ?? ????? ????..
  3. ????? ????,???????? ??????????? ????? ?? ??????? ????????.
  4. ???????????? ???????? ?????.
  5. ???? ?? ????????? ?? ??? ???? ???? ?? ?????? ?????????? ?? ?????? ???? ???? ???? ????
  6. ???? ???? ?? ??? ????? ???????????? ?? ??? IIS ??? ?????????? ?????.
??????? IUSR_computername???? ?? ??? ?????? ?????????? ?? ?????? ???? ???

Logon.aspx ????? ?????

??? ??? asp.NET ??? ??????? Logon.aspx ???? ????? ?? ???, ????? ????? ?? ???? ????:
  1. ?????? Explorer ???, ????????? ??? ?? ????-????? ????, ?? ????? ????add?? ????-????? ????, ?? ???? ?????? ??????? ?????.
  2. ??????:Logon.aspx????????????? ???, ?? ???? ????????.
  3. ?????? Explorer ???, ???? ?????Logon.aspx?? ????-????? ????, ?? ???? ???????? ???????.
  4. ????? ????html??? ??????? ??? ???
  5. ?????? ??? ?? ????? ??? ?? ???????????? ????:
    <%@ Page language="vb" AutoEventWireup="true" %>
    <%@ Import Namespace="FormsAuthAd.FormsAuth" %>
    <html>
    	<body>
    		<form id="Login" method="post" runat="server">
    			<asp:Label ID="Label1" Runat="server">Domain:</asp:Label>
    			<asp:TextBox ID="txtDomain" Runat="server"></asp:TextBox><br>
    			<asp:Label ID="Label2" Runat="server">Username:</asp:Label>
    			<asp:TextBox ID="txtUsername" Runat="server"></asp:TextBox><br>
    			<asp:Label ID="Label3" Runat="server">Password:</asp:Label>
    			<asp:TextBox ID="txtPassword" Runat="server" TextMode="Password"></asp:TextBox><br>
    			<asp:Button ID="btnLogin" Runat="server" Text="Login" OnClick="Login_Click"></asp:Button><br>
    			<asp:Label ID="errorLabel" Runat="server" ForeColor="#ff3300"></asp:Label><br>
    			<asp:CheckBox ID="chkPersist" Runat="server" Text="Persist Cookie" />
    		</form>
    	</body>
    </html>
    <script runat="server">
    sub Login_Click(sender as object,e as EventArgs)
      Dim adPath as String = "LDAP://DC=..,DC=.." 'Path to your LDAP directory server
      Dim adAuth as LdapAuthentication = new LdapAuthentication(adPath)
      try
        if(true = adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text)) then
          Dim groups as string = adAuth.GetGroups()
    
          'Create the ticket, and add the groups.
          Dim isCookiePersistent as boolean = chkPersist.Checked
          Dim authTicket as FormsAuthenticationTicket = new FormsAuthenticationTicket(1, _
               txtUsername.Text,DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)
    	
          'Encrypt the ticket.
          Dim encryptedTicket as String = FormsAuthentication.Encrypt(authTicket)
    		
          'Create a cookie, and then add the encrypted ticket to the cookie as data.
          Dim authCookie as HttpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    
          if(isCookiePersistent = true) then
    		authCookie.Expires = authTicket.Expiration
          end if				
          'Add the cookie to the outgoing cookies collection.
          Response.Cookies.Add(authCookie)	
    
          'You can redirect now.
          Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false))
        
        else
          errorLabel.Text = "Authentication did not succeed. Check user name and password."
        end if
     
      catch ex as Exception
        errorLabel.Text = "Error authenticating. " & ex.Message
      end try
    end sub
    </script>
    					
  6. ???? LDAP ?????????? ????? ?? ????? ???? ?? ??? Logon.aspx ????? ??? ?? ?? ??????? ?????
Logon.aspx ????? ?? ???? ????? ?? ?? ?????????? ?? ??? ??????? ??? ?? ??????? ??????? ???? ??LdapAuthentication????? ??? ?????????? authenticates ?? ???? ?? ?? ???? obtains ??, ?? ??? ??? ?? ???? ??? ????? ???? ??:
  • ????? ?? ??FormsAuthenticationTicket????????;
  • ????; encrypts
  • ???????????? ???? ????; ????? ??
  • ???? ?? ????? ??HttpResponse.Cookies??????;
  • ??? ??? ?? ?????? ???? ??? URL ?? ??? ?????? ?????

WebForm1.aspx ????? ?? ??????? ????

WebForm1.aspx ????? ??? ??? ??? ?? ?????? ?? ?? ????? ??? ?? ?????????? ?? ????? ?? ?????? ???? ??, ?? ?????? ???? ?? ??? Logon.aspx ?????????????? ?? ?????? ?????? ?????????? ??, ?? ??? ?????? WebForm1.aspx ????? ?? ??? ?????????????? ???
  1. ?????? Explorer ???, ???? ?????WebForm1.aspx?? ????-????? ????, ?? ???? ???????? ???????.
  2. ????? ????html??? ??????? ??? ???
  3. ?????? ??? ?? ????? ??? ?? ???????????? ????:
    <%@ Page language="vb" AutoEventWireup="true" %>
    <%@ Import Namespace="System.Security.Principal" %>
    <html>
    	<body>
    		<form id="Form1" method="post" runat="server">
    			<asp:Label ID="lblName" Runat="server" /><br>
    			<asp:Label ID="lblAuthType" Runat="server" />
    		</form>
    	</body>
    </html>
    <script runat="server">
    sub Page_Load(sender as object, e as EventArgs)
      lblName.Text = "Hello " & Context.User.Identity.Name & "."
      lblAuthType.Text = "You were authenticated using " &   Context.User.Identity.AuthenticationType & "."
    end sub
    </script>
    					
  4. ??? ?????? ?? ??????, ?? ?? ????????? ??????? ?????
  5. WebForm1.aspx ????? ?? ??? ?????? ????? ????? ??? ?? ?? Logon.aspx ???? ?? ??? ?????????????? ????
  6. ????? ??????????? ???? ????, ?? ???? ??? ????? ????????? ????. ?? ?? WebForm1.aspx ???? ?? ??? ?????????????? ???, ?? ????? ?? ???? ?????????? ??? ????? ?? ?? ??LdapAuthentication?? ??? ??????? ?????? ??Context.User.Identity.AuthenticationType????
???:Microsoft ??????? ???? ?? ?? ??????? ??????? ???? (SSL) ?? ??????????? ??????? ??????? ?? ????? ????? ?? ??????? ?????????? ??????? ???? ?? ?????? ?????? ??, ?? SSL ??????????? ?? ????????? ?? ??? ?? ??????? ???? ?? ??? ?? ???? ???????? ??????? ???????? ???? ?? ??? ?? ?? compromising ?? ????? ???

??????

???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ???????? ????? ????::
306590 ASP.NET ??????? ????????? ??????
317012 ASP.NET ??? ????????? ?? ?????? ?????
306238 Visual Basic .NET ?? ????? ?? ???? asp.NET ????????? ??? ???-?????? ??????? ?????????-?????? ?????????? ?? ??????????? ???? ?? ??? ???? ????
313091 ??????? ?????????? ??? ????? ?? ??? Visual Basic .NET ?? ????? ?? ????? ?? ????? ?? ??? ???? ????
313116 ??????? ??????? ?????? loginUrl ????? ?? ??? ????????? ???? ???

???

???? ID: 326340 - ????? ???????: 04 ?????? 2010 - ??????: 2.0
???? ???? ???? ??:
  • Microsoft ASP.NET 1.0
  • Microsoft Visual Basic .NET 2002 Standard Edition
  • Microsoft ASP.NET 1.1
  • Microsoft Visual Basic .NET 2003 Standard Edition
??????: 
kbconfig kbcookie kbhowtomaster kbsecurity kbwebforms kbmt KB326340 KbMthi