��к�

Select the product you need help with

�Ըա��Ѻ�ͧ��١��ͧ��Ѻ Active Directory ��Ẻ��Ѻ�ͧ��١��ͧ�� Visual Basic .NET

��Ţ�� (Article ID): 326340 - ��Ե�ѳ��Ǣ�ͧ㹺��

��ԡ��ʹ٢�ͨӡѴ��Ѻ�Դ�ͺ�ͧ KB ��¤��

��ԡ��ʴ��¤��е鹩�Ѻ��ѧ��§��ҧ�ѹ

��·�� | �غ��

��ա�÷��Т�鹵͹��͸Ժ��Ը� ASP.NET ��ء��ö��Ѻ�ͧ��١��ͧ�ͧ��͹حҵ��Ѻ�ͧ��١��ͧ��Ѻ Active Directory �� Lightweight ��á��ա��Ҷ֧��ⷤ�� (LDAP) ��

��ѧ�ҡ��Ѻ�ͧ��١��ͧ ��С��¹��鹷ҧ �س��ö��Application_AuthenticateRequest�Ըա�èѴ�� Global.asax ��GenericPrincipal�ѵ��㹹��HttpContext.User�س��ѵ� flows ��ʹ��ͧ��

��ҧ�;��पѹ�� ASP.NET �� Visual Basic .NET

�ӵ��鹵͹��ҹ��ҧ��ء�� ASP.NET �� FormsAuthAd � Visual Basic .NET:

�� Microsoft Visual Studio .NET
㹡����:�� 价������ ԡProject.
��ԡ�ç�� visual Basic����Դ�ç���� ԡ�;��पѹ�� asp.net����Ẻ.
㹡����˹�:��ͧ ��Դhttp:// <servername> / FormsAuthAd </servername>(᷹��http://localhost��Ҥس��ѧ��ͧ (so ��http://localhost/FormsAuthAd�� ԡ��ŧ.
��ԡ����ҧ�ԧ:�˹�� Explorer ��٪ѹ ��Ǥ�ԡ��ҧ�ԧ.
㹡��.NET��㹹����ҧ�ԧ��ͧ��ͺ ��ԡSystem.DirectoryServices.dll��ԡ��͡�� ԡ��ŧ.

��¹��ʡ��Ѻ�ͧ��١��ͧ

�ӵ��鹵͹��ҹ��ҧ��ä�� LdapAuthentication.vb:

��٪ѹ Explorer ��ԡ��ҷ��˹�ç�� 价��add�� ԡ��¡��.
��ԡ������Ẻ.
��:LdapAuthentication.vb㹡����:��ͧ ��Ǥ�ԡOPEN.

᷹�鴷�� LdapAuthentication.vb ��ʵ��仹��:

Imports System
Imports System.Text
Imports System.Collections
Imports System.DirectoryServices

Namespace FormsAuth
    Public Class LdapAuthentication

        Dim _path As String
        Dim _filterAttribute As String

        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean

            Dim domainAndUsername As String = domain & "\" & username
            Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)

            Try
                'Bind to the native AdsObject to force authentication.			
                Dim obj As Object = entry.NativeObject
                Dim search As DirectorySearcher = New DirectorySearcher(entry)

                search.Filter = "(SAMAccountName=" & username & ")"
                search.PropertiesToLoad.Add("cn")
                Dim result As SearchResult = search.FindOne()

                If (result Is Nothing) Then
                    Return False
                End If

                'Update the new path to the user in the directory.
                _path = result.Path
                _filterAttribute = CType(result.Properties("cn")(0), String)

            Catch ex As Exception
                Throw New Exception("Error authenticating user. " & ex.Message)
            End Try

            Return True
        End Function

        Public Function GetGroups() As String
            Dim search As DirectorySearcher = New DirectorySearcher(_path)
            search.Filter = "(cn=" & _filterAttribute & ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As StringBuilder = New StringBuilder()

            Try
                Dim result As SearchResult = search.FindOne()
                Dim propertyCount As Integer = result.Properties("memberOf").Count

                Dim dn As String
                Dim equalsIndex, commaIndex

                Dim propertyCounter As Integer

                For propertyCounter = 0 To propertyCount - 1
                    dn = CType(result.Properties("memberOf")(propertyCounter), String)

                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If (equalsIndex = -1) Then
                        Return Nothing
                    End If

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    groupNames.Append("|")
                Next

            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " & ex.Message)
            End Try

            Return groupNames.ToString()
        End Function
    End Class
End Namespace

��͸Ժ�¢ͧ��ʡ�â��

��ʡ��Ѻ�ͧ��١��ͧ��Ѻ�� ͼ�� ʼ�ҹ ��鹷ҧ��ѧἹ�� Active Directory ��ʹ��ԡ�� LDAP ��á��

��Ѻ�ͧ��١��ͧ�ͧ��

�� Logon.aspx ˹�ҡ��¡�LdapAuthentication.IsAuthenticated�Ըա��м�ҹ�㹢��Ż�Шӵ�Ƿ��Ǻ��ҡ�� ҡ �� DirectoryEntry�ѵ�ض١��ҧ�� 鹷ҧ��ѧἹ��á�� ͼ�� ʼ�ҹ ��ͼ��ͧ��ٻẺ "��\��" ��кǹ��DirectoryEntry�ѵ��Ǿ��ѧ�ѺAdsObject��ü١ ��Ѻ��NativeObject�س��ѵ� ��ҹ��cn�س�ѡɳ��Ѻ��Ѻ �¡��ҧ��DirectorySearcher�ѵ�� д��¡�á�ͧ��SAMAccountName. ��ѧ�ҡ��Ѻ�ͧ��١��ͧIsAuthenticated�Ըա��觤׹True.

��˵�:��ͤس�� LDAP �١�Ѻ�ѵ�ط��ǡѺ Active Directory �� TCP �ж١��ҹ �� LDAP ��System.DirectoryServicesnamespace �Ҩ�� TCP �� س�Ҩ��öŴ��Ŵ TCP �¡��ͷ��س��Ѻ�ͧ��١��ͧ�ͧ��ͧ�س��

��

��͵�ͧ��ô��¡�âͧ�� ¡��ʹ��LdapAuthentication.GetGroups�Ըա�� кǹ��LdapAuthentication.GetGroups�Ըա�â��Ѻ��¡�âͧ��ѡ�Ҥ��ʹ��С��ᨡ��·�� ¡��ҧ��DirectorySearcher�ѵ�� С�á�ͧ��ŵ��memberOf�͵��Ժ�ǵ� �Ըչ��觡�Ѻ��¡�âͧ�� pipes (|)

�ѧࡵ�� LdapAuthentication.GetGroups�Ը� manipulates �� truncates ʵ�ԧ�� 觪��Ŵ��Ǣͧ��ѡ��з��١��㹤ء��Ѻ�ͧ��١��ͧ ��ѡ��١�Ѵ�͹ �ٻẺ�ͧ��С��ҡ��繴ѧ��:

CN=...,...,DC=domain,DC=com

�Ըչ��ö��ҧʵ�ԧ��դ��ҡ ��Ҥ��Ǣͧ��ͤ��դ��ҡ��Ҥ��Ǣͧ�ء�� Ҩ��ҧ�ء��Ѻ�ͧ��١��ͧ ��Ң�ͤ��Ҩ�Ҩ��ҡ��Ҥ��Ǣͧ�ء�� س�Ҩ��ͧ��红��š�� ᤪ ASP.NET �ѵ�� 㹰ҹ�� ա�Ը�˹�觤�� س�Ҩ��ͧ��Ѻ��š�� 红��Ź��ࢵ��ſ��͹��

��¹�� Global.asax

�ʴ�� Global.asax ��Application_AuthenticateRequest��ǨѴ��˵ء�ó� ��ǨѴ��˵ء�ó��֧��Ťء��Ѻ�ͧ��١��ͧ�ҡ��Context.Request.Cookies��š�ѹ decrypts �ء�� д֧��¡�âͧ��ж١��㹹��FormsAuthenticationTicket.UserData�س��ѵ� ��ҡ��ª��ͷ��任��ҧ��˹�� Logon.aspx

��¡��ʵ�ԧ��ʵ�ԧ��ҧ��GenericPrincipal�ѵ�� ѧ�ҡGenericPrincipal�ѵ�ض١��ҧ �ҧ�ѵ�ع��㹹��HttpContext.User�س��ѵ�

��ԡ�� Explorer ��٪ѹGlobal.asax�� ԡ��ʢͧ��ͧ.
��ʵ��仹��ҹ��ͧ�� ѧ�� Global.asax.vb:
Imports System.Web.Security Imports System.Security.Principal

��ǨѴ��˵ء�ó��ҧ��Ѻ᷹Application_AuthenticateRequest��ʵ��仹��:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires upon attempting to authenticate the use
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

        If (authCookie Is Nothing) Then
            'There is no authentication cookie.
            Return
        End If

        Dim authTicket As FormsAuthenticationTicket = Nothing

        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            'Write the exception to the Event Log.
            Return
        End Try

        If (authTicket Is Nothing) Then
            'Cookie failed to decrypt.
            Return
        End If

        'When the ticket was created, the UserData property was assigned a
        'pipe-delimited string of group names.
        Dim groups As String() = authTicket.UserData.Split(New Char() {"|"})

        'Create an Identity.
        Dim id As GenericIdentity = New GenericIdentity(authTicket.Name, "LdapAuthentication")

        'This principal flows throughout the request.
        Dim principal As GenericPrincipal = New GenericPrincipal(id, groups)

        Context.User = principal

    End Sub

��Ѻ��¹�� Web.config

��ǹ�� س��˹��ҹ��Ẻ����кǹ���Ѻ�ͧ��١��ͧ����͹حҵͧ��Сͺ�� Web.config ��¡��¹�ŧ��ҹ�� ੾�� authenticated ��ö��Ҷ֧�;��पѹ ��ա��¹��鹷ҧ��ѧ� Logon.aspx unauthenticated ��ͧ�� س��ö��Ѻ��¹��õ�駤�Ҥ͹�ԡ��͹حҵ��੾�Ф�ҷ��͹��С��Ҷ֧�;��पѹ

᷹�鴷�� Web.config ��ʵ��仹��:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>    
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="logon.aspx" name="adAuthCookie" timeout="60" path="/" >
      </forms>
    </authentication>	
    <authorization>	
      <deny users="?" />
      <allow users="*" />
    </authorization>	
    <identity impersonate="true" />
  </system.web>
</configuration>

�ӻ�С�ȹ����ʻ�Шӵ�� impersonate = "true" /ͧ��Сͺ�ͧ��õ�駤�Ҥ͹�ԡ ��觷�� ASP.NET �� impersonate �ͤ�ҷ��ա�á�˹��繺ѭ�շ��кت��ͨҡ Microsoft ��ź�ԡ�÷ҧ�Թ�� (IIS) �繼��Ҩҡ��á�˹��ҹ�� ͧ�ͷ��ѧ��ء��ӧҹ��Ժ��ѡ�Ҥ��ʹ��¢ͧ�ѭ�շ��Ѵ�çẺ ��Ż�Шӵ�Ǣͧ��Ѻ�ͧ��١��ͧ��Ѻ Active Directory ��ѭ�շ��Ҷ֧ Active Directory �� ѭ�շ��Ѵ�çẺ ��Ѻ�� ҧ�ԧ:��ǹ

��õ�駤�Ҥ͹�ԡ IIS ��Ѻ��Ѻ�ͧ��١��ͧẺ��кت��

��͵�ͧ��õ�駤�Ҥ͹�ԡ IIS ��Ѻ��Ѻ�ͧ��١��ͧẺ��кت�� Թ��ôѧ��仹��:

㹤͹�š�èѴ��ú�ԡ�â��ŷҧ�Թ�� (IIS) ��ԡ��ҷ��˹��á��͹��Ѻ"FormsAuthAd".
��ԡ���س��ѵ��� ԡ����ʹ��¢ͧ��á����
��ԡ�����Ǻ��Ҷ֧��С��Ѻ�ͧ��١��ͧẺ��кت��.
��͡����Ҷ֧Ẻ��кت����ͧ��ͧ��
��ѭ�շ��кت��Ѻ��ء��ѭ�շ��Է��㹡�� Active Directory
��ԡ��¡��ԡ��͡��͹حҵ�� IIS ��ѧ��ǤǺ��ʼ�ҹ��ͧ��ͧ��

�� IUSR_computername�ѭ��Է��㹡�� Active Directory

��ҧ� Logon.aspx

�ӵ��鹵͹��ҹ��ҧ�� ASP.NET ��觪�� Logon.aspx:

��٪ѹ Explorer ��ԡ��ҷ��˹�ç�� 价��add�� ԡ��.
��:Logon.aspx㹡����:��ͧ ��Ǥ�ԡOPEN.
��ԡ�� Explorer ��٪ѹLogon.aspx�� ԡ��͡Ẻ��ͧ.
��ԡ��html�� Designer

᷹��ʷ�� ʵ��仹��:

<%@ Page language="vb" AutoEventWireup="true" %>
<%@ Import Namespace="FormsAuthAd.FormsAuth" %>
<html>
	<body>
		<form id="Login" method="post" runat="server">
			<asp:Label ID="Label1" Runat="server">Domain:</asp:Label>
			<asp:TextBox ID="txtDomain" Runat="server"></asp:TextBox><br>
			<asp:Label ID="Label2" Runat="server">Username:</asp:Label>
			<asp:TextBox ID="txtUsername" Runat="server"></asp:TextBox><br>
			<asp:Label ID="Label3" Runat="server">Password:</asp:Label>
			<asp:TextBox ID="txtPassword" Runat="server" TextMode="Password"></asp:TextBox><br>
			<asp:Button ID="btnLogin" Runat="server" Text="Login" OnClick="Login_Click"></asp:Button><br>
			<asp:Label ID="errorLabel" Runat="server" ForeColor="#ff3300"></asp:Label><br>
			<asp:CheckBox ID="chkPersist" Runat="server" Text="Persist Cookie" />
		</form>
	</body>
</html>
<script runat="server">
sub Login_Click(sender as object,e as EventArgs)
  Dim adPath as String = "LDAP://DC=..,DC=.." 'Path to your LDAP directory server
  Dim adAuth as LdapAuthentication = new LdapAuthentication(adPath)
  try
    if(true = adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text)) then
      Dim groups as string = adAuth.GetGroups()

      'Create the ticket, and add the groups.
      Dim isCookiePersistent as boolean = chkPersist.Checked
      Dim authTicket as FormsAuthenticationTicket = new FormsAuthenticationTicket(1, _
           txtUsername.Text,DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)
	
      'Encrypt the ticket.
      Dim encryptedTicket as String = FormsAuthentication.Encrypt(authTicket)
		
      'Create a cookie, and then add the encrypted ticket to the cookie as data.
      Dim authCookie as HttpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

      if(isCookiePersistent = true) then
		authCookie.Expires = authTicket.Expiration
      end if				
      'Add the cookie to the outgoing cookies collection.
      Response.Cookies.Add(authCookie)	

      'You can redirect now.
      Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false))
    
    else
      errorLabel.Text = "Authentication did not succeed. Check user name and password."
    end if
 
  catch ex as Exception
    errorLabel.Text = "Error authenticating. " & ex.Message
  end try
end sub
</script>

��Ѻ��¹��鹷ҧ�˹�� Logon.aspx ��ѧ�� LDAP ��á��բͧ�س

˹�� Logon.aspx ��˹�ҷ��Ǻ��Ũҡ��С��¡�Ը�㹡��LdapAuthentication��ʷ�� ѧ�ҡ�� authenticates �� ¡�âͧ��â��Ѻ ��ʷӵ��仹��觹��:

��ҧ��FormsAuthenticationTicket�ѵ��
�ѵ� ��
��ѵ÷��Ѻ�ء��
��ء��ѧHttpResponse.Cookies��š�ѹ
��¹��鹷ҧ��ͧ��ѧ URL ��١��ͧ�͵��á

��Ѻ��¹� WebForm1.aspx

˹�� WebForm1.aspx �� ྨ��ա��ͧ�͵��á ��ͼ��ͧ��ྨ�� ͧ�Ͷ١��¹��鹷ҧ��ѧ Logon.aspx ˹�� ѧ�ҡ��ͧ�ͨ��Ѻ�ͧ��١��ͧ �ӢͶ١��¹��鹷ҧ��ѧྨ�� WebForm1.aspx

��ԡ�� Explorer ��٪ѹWebForm1.aspx�� ԡ��͡Ẻ��ͧ.
��ԡ��html�� Designer

᷹��ʷ�� ʵ��仹��:

<%@ Page language="vb" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Principal" %>
<html>
	<body>
		<form id="Form1" method="post" runat="server">
			<asp:Label ID="lblName" Runat="server" /><br>
			<asp:Label ID="lblAuthType" Runat="server" />
		</form>
	</body>
</html>
<script runat="server">
sub Page_Load(sender as object, e as EventArgs)
  lblName.Text = "Hello " + Context.User.Identity.Name & "."
  lblAuthType.Text = "You were authenticated using " &   Context.User.Identity.AuthenticationType & "."
end sub
</script>

�ѹ�֡�� С�ä��ç��
��ͧ�� WebForm1.aspx ��ѧࡵ�� س��¹�� Logon.aspx
��Ż�Шӵ�ǡ��к� ��Шҡ�� ԡ��. ��ͤس��¹��鹷ҧ��ѧ WebForm1.aspx ��ѧࡵ�� ͼ��ҡ�� з��LdapAuthentication�ժ�Դ�ͧ��Ѻ�ͧ��١��ͧ��Ѻ��Context.User.Identity.AuthenticationType�س��ѵ�

��˵�:Microsoft �й�� س�� Secure Sockets Layer (SSL) ��Ѻ��ͤس��Ѻ�ͧ��١��ͧ�ͧ�� ͧ�ҡ��к��ִ��ء��Ѻ�ͧ��١��ͧ ��С��Ѻ SSL ��䫵��ء��ͧ�ѹ�ء�� compromising �ء��Ѻ�ͧ��١��ͧ��դ�Ң�� ١��

��Ѻ仴�ҹ�� | ��ʹ��

��ҧ�ԧ

�ҡ��ͧ��÷�Һ�� ô��ԡ��Ţ��仹��ʹٺ�� Microsoft Knowledge Base::

306590

(http://support.microsoft.com/kb/306590/ )

�Ҿ��ѡ�Ҥ��ʹ��¢ͧ asp.net

317012

(http://support.microsoft.com/kb/317012/ )

��ǻ��ż��С��ͧ�� ASP.NET

306238

(http://support.microsoft.com/kb/306238/ )

�Ըա��ҷ��ѡ�Ҥ��ʹ�� Ẻ��Ѻ�ͧ��١��ͧ��ء�� ASP.NET �ͧ�س �� Visual Basic .NET

313091

(http://support.microsoft.com/kb/313091/ )

�Ըա��ҧ�� Visual Basic .NET ��Ѻ��㹡��Ѻ�ͧ��١��ͧ�ͧ��

313116

(http://support.microsoft.com/kb/313116/ )

Ẻ��ͧ�͡��Ѻ�ͧ��١��ͧ��˹�� loginUrl

��Ѻ仴�ҹ�� | ��ʹ��

�س��ѵ�

��Ţ�� (Article ID): 326340 - ��Ǥ��ش��: 13 ��Ҥ� 2554 - Revision: 5.0

��Ѻ

Microsoft ASP.NET 1.0
Microsoft Visual Basic .NET 2002 Standard Edition
Microsoft ASP.NET 1.1
Microsoft Visual Basic .NET 2003 Standard Edition

kbconfig kbcookie kbhowtomaster kbsecurity kbwebforms kbmt KB326340 KbMtth

��¤��

��Ӥѭ: ��«Ϳ��Ŵ��¤��ͧ Microsoft ᷹��繹ѡ�ŷ��繺ؤ�� Microsoft �պ��¹ѡ��к��Ŵ��¤�� س��ö��Ҷ֧��㹰ҹ��ͧ�� Ңͧ�س�ͧ ��ҧ�á�� Ŵ��¤��Ҩ�բ�ͺ��ͧ ��Ҩ�բ�ͼԴ��Ҵ㹤��Ѿ�� ٻẺ��ҡó� ��ǡѺ�óշ��ǵ�ҧ�ҵԾٴ�Դ��;ٴ��Ңͧ�س Microsoft ��ǹ�Ѻ�Դ�ͺ��ͤ��Ҵ��͹ ��Դ��Ҵ��ͤ��·��Դ�ҡ��ҼԴ��Ҵ ��͡��麷�Ţͧ�١�� Microsoft �ա�û�Ѻ��ا�Ϳ��Ŵ��¤��繻�Ш�

��仹��繩�Ѻ��ѧ��ɢͧ��:326340

(http://support.microsoft.com/kb/326340/en-us/ )

��Ѻ仴�ҹ�� | ��ʹ��