How to authenticate against the Active Directory by using Forms authentication and Visual C# .NET http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q316748 不知道这个咋的,看看ing……
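// P/Invoke declarations for the Win32 logon / token APIs used by LogON().
// LogonUser and DuplicateToken are declared with SetLastError=true so the
// failure code can be read with Marshal.GetLastWin32Error() right after the call.

/// <summary>Logs a user on and returns an access-token handle in phToken.</summary>
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
    int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

/// <summary>Releases a handle returned by LogonUser or DuplicateToken.</summary>
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);

/// <summary>Duplicates an access token at the given SECURITY_IMPERSONATION_LEVEL.</summary>
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool DuplicateToken(IntPtr ExistingTokenHandle,
    int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

/// <summary>
/// Raw GetLastError import, kept for compatibility only. It is unreliable from
/// managed code because the runtime may make its own Win32 calls between the
/// failing P/Invoke and this one; use Marshal.GetLastWin32Error() instead.
/// </summary>
[DllImport("Kernel32.dll")]
public static extern int GetLastError();

/// <summary>
/// Logs on with the user name, machine name and password typed into the form,
/// duplicates the resulting token, impersonates it on the current thread and
/// then reverts. Status text and the Win32 error code are written to TextBox1.
/// Impersonation is always undone and both token handles are always closed,
/// including on the early-return and exception paths.
/// </summary>
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
private void LogON()
{
    // Handles and the impersonation context start out empty so the finally
    // block can tell what actually needs to be released.
    IntPtr tokenHandle = IntPtr.Zero;
    IntPtr dupeTokenHandle = IntPtr.Zero;
    WindowsImpersonationContext impersonatedUser = null;
    try
    {
        // Credentials and logon parameters come straight from the form controls.
        string MachineName = this.txtMachinename.Text;
        string UserName = this.txtUserName.Text;
        string PassWord = this.txtpass.Text;

        // SECURITY_IMPERSONATION_LEVEL value handed to DuplicateToken.
        const int SecurityImpersonation = 2;

        // Call LogonUser to obtain a handle to an access token. Convert.ToInt32
        // throws on non-numeric input; that surfaces through the catch below.
        bool returnValue = LogonUser(UserName, MachineName, PassWord,
            Convert.ToInt32(this.txtdwLogonType.Text), Convert.ToInt32(this.txtdwLogonProvider.Text),
            ref tokenHandle);
        // Read the Win32 error immediately after the call, before anything
        // else can overwrite it.
        int logonError = Marshal.GetLastWin32Error();
        this.TextBox1.Text = returnValue.ToString() + " " + logonError.ToString();
        if (!returnValue)
        {
            // No token was obtained, so there is nothing to duplicate or impersonate.
            return;
        }

        // Duplicate the logon token at impersonation level.
        bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
        if (!retVal)
        {
            this.TextBox1.Text = "DuplicateToken failed: " + Marshal.GetLastWin32Error().ToString();
            return;
        }
        this.TextBox1.Text = "OK";

        // Wrap the duplicated token in a WindowsIdentity and impersonate it on
        // the current thread; the finally block reverts it.
        WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
        impersonatedUser = newId.Impersonate();
    }
    catch (Exception ex)
    {
        this.TextBox1.Text = ex.Message;
    }
    finally
    {
        // Revert impersonation and free both tokens on every path, so the
        // thread never stays impersonated and no handle leaks.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
        }
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
        }
        if (dupeTokenHandle != IntPtr.Zero)
        {
            CloseHandle(dupeTokenHandle);
        }
    }
}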
ASP.NET 必须允许匿名登录,如果没有则会弹出帐号密码框,请求先通过IIS认证,才能进入ASP.NET的认证,我们讨论的身份验证都是ASP.NET的。 具体认证过程可参考MSDN帮助上的:ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.2052/cpguide/html/cpconaspnetdataflow.htm
实现应该是可能的,比方说SharePoint本来也是集成AD的,但它提供Single Sign-On的技术,可以用账号映射的方式让外网的用户登录Portal。
希望各位能够提供一些思路!!谢谢
研究ing……
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q316748
不知道这个咋的,看看ing……
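// P/Invoke declarations for the Win32 logon / token APIs used by LogON().
// LogonUser and DuplicateToken are declared with SetLastError=true so the
// failure code can be read with Marshal.GetLastWin32Error() right after the call.

/// <summary>Logs a user on and returns an access-token handle in phToken.</summary>
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
    int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

/// <summary>Releases a handle returned by LogonUser or DuplicateToken.</summary>
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);

/// <summary>Duplicates an access token at the given SECURITY_IMPERSONATION_LEVEL.</summary>
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool DuplicateToken(IntPtr ExistingTokenHandle,
    int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

/// <summary>
/// Raw GetLastError import, kept for compatibility only. It is unreliable from
/// managed code because the runtime may make its own Win32 calls between the
/// failing P/Invoke and this one; use Marshal.GetLastWin32Error() instead.
/// </summary>
[DllImport("Kernel32.dll")]
public static extern int GetLastError();

[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]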
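// Logs on with the user name, machine name and password typed into the form,
// duplicates the resulting token, impersonates it on the current thread and
// then reverts. Status text and the Win32 error code are written to TextBox1.
// Impersonation is always undone and both token handles are always closed,
// including on the early-return and exception paths.
private void LogON()
{
    // Handles and the impersonation context start out empty so the finally
    // block can tell what actually needs to be released.
    IntPtr tokenHandle = IntPtr.Zero;
    IntPtr dupeTokenHandle = IntPtr.Zero;
    WindowsImpersonationContext impersonatedUser = null;
    try
    {
        // Credentials and logon parameters come straight from the form controls.
        string MachineName = this.txtMachinename.Text;
        string UserName = this.txtUserName.Text;
        string PassWord = this.txtpass.Text;

        // SECURITY_IMPERSONATION_LEVEL value handed to DuplicateToken.
        const int SecurityImpersonation = 2;

        // Call LogonUser to obtain a handle to an access token. Convert.ToInt32
        // throws on non-numeric input; that surfaces through the catch below.
        bool returnValue = LogonUser(UserName, MachineName, PassWord,
            Convert.ToInt32(this.txtdwLogonType.Text), Convert.ToInt32(this.txtdwLogonProvider.Text),
            ref tokenHandle);
        // Marshal.GetLastWin32Error is the supported way to read the error code
        // of a SetLastError=true import; a separate GetLastError() P/Invoke may
        // return a value the runtime has already overwritten.
        int logonError = Marshal.GetLastWin32Error();
        this.TextBox1.Text = returnValue.ToString() + " " + logonError.ToString();
        if (!returnValue)
        {
            // No token was obtained, so there is nothing to duplicate or impersonate.
            return;
        }

        // Duplicate the logon token at impersonation level.
        bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
        if (!retVal)
        {
            this.TextBox1.Text = "DuplicateToken failed: " + Marshal.GetLastWin32Error().ToString();
            return;
        }
        this.TextBox1.Text = "OK";

        // Wrap the duplicated token in a WindowsIdentity and impersonate it on
        // the current thread; the finally block reverts it.
        WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
        impersonatedUser = newId.Impersonate();
    }
    catch (Exception ex)
    {
        this.TextBox1.Text = ex.Message;
    }
    finally
    {
        // Revert impersonation and free both tokens on every path, so the
        // thread never stays impersonated and no handle leaks.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
        }
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
        }
        if (dupeTokenHandle != IntPtr.Zero)
        {
            CloseHandle(dupeTokenHandle);
        }
    }
}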
----------------------------------------呵呵,也有这种需求啊,例如你在外网给客户提供Demo,不希望将机器上的账号透露出去,看能否提供一个临时页面,在内部将Windows帐户封装起来,直接导航到需要的页面啊
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);API函数来得到用户认证,然后用
WindowsIdentity newId = new WindowsIdentity(phToken);
WindowsImpersonationContext impersonatedUser = newId.Impersonate();来模拟认证,更改登录用户。
如果别人登录我的A应用,则会弹出一个要求输入账号密码的对话框。我希望别人先登录B应用,B应用用一个固定的Windows账号模拟登录到A的页面,这样就不会弹出对话框了。
具体认证过程可参考MSDN帮助上的:ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.2052/cpguide/html/cpconaspnetdataflow.htm