LDAP的用户认证类。
public class LDAPHelper
{
private DirectoryEntry _objDirectoryEntry; /// <summary>
/// 构造函数
/// </summary>
/// <param name="LADPath">ldap的地址,例如"LDAP://***.***.48.110:389/dc=***,dc=com"</param>
/// <param name="authUserName">连接用户名,例如"cn=root,dc=***,dc=com"</param>
/// <param name="authPWD">连接密码</param>
public bool OpenConnection(string LADPath, string authUserName, string authPWD)
{ //创建一个连接
_objDirectoryEntry = new DirectoryEntry(LADPath, authUserName, authPWD, AuthenticationTypes.None); if (null == _objDirectoryEntry)
{
return false;
}
else if (_objDirectoryEntry.Properties!=null&&_objDirectoryEntry.Properties.Count > )
{
return true;
}
return false;
} /// <summary>
/// 检测一个用户和密码是否正确
/// </summary>
/// <param name="strLDAPFilter">(|(uid= {0})(cn={0}))</param>
/// <param name="TestUserID">testuserid</param>
/// <param name="TestUserPwd">testuserpassword</param>
/// <param name="ErrorMessage"></param>
/// <returns></returns>
public bool CheckUidAndPwd(string strLDAPFilter, string TestUserID, string TestUserPwd, ref string ErrorMessage)
{
bool blRet = false;
try
{
//创建一个检索
DirectorySearcher deSearch = new DirectorySearcher(_objDirectoryEntry);
//过滤名称是否存在
deSearch.Filter =strLDAPFilter;
deSearch.SearchScope = SearchScope.Subtree; //find the first instance
SearchResult objSearResult = deSearch.FindOne(); //如果用户密码为空
if (string.IsNullOrEmpty(TestUserPwd))
{
if (null != objSearResult && null != objSearResult.Properties && objSearResult.Properties.Count > )
{
blRet = true;
}
}
else if (null != objSearResult && !string.IsNullOrEmpty(objSearResult.Path))
{
//获取用户名路径对应的用户uid
int pos = objSearResult.Path.LastIndexOf('/');
string uid = objSearResult.Path.Remove(, pos + );
DirectoryEntry objUserEntry = new DirectoryEntry(objSearResult.Path, uid, TestUserPwd, AuthenticationTypes.None);
if (null != objUserEntry && objUserEntry.Properties.Count > )
{
blRet = true;
}
}
}
catch (Exception ex)
{
if (null != _objDirectoryEntry)
{
_objDirectoryEntry.Close();
}
ErrorMessage = "检测异常:"+ex.StackTrace;
}
return blRet;
} /// <summary>
/// 关闭连接
/// </summary>
public void closeConnection()
{
if (null != _objDirectoryEntry)
{
_objDirectoryEntry.Close();
}
}
}
调用过程如下
private void btnCheck_Click(object sender, EventArgs e)
{ string strLDAPFilter = string.Format(txtFilter.Text, txtUserName.Text.Trim());
//deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))"; string TestUserID = txtUserName.Text;
string TestUserPwd = txtPwd.Text;
LDAPHelper objldap = new LDAPHelper();
string strLDAPPath = txtLDAP.Text;
string strLDAPAdminName = txtLUserName.Text;
string strLDAPAdminPwd = txtLPwd.Text;
string strMsg = "";
bool blRet = objldap.OpenConnection(strLDAPPath, strLDAPAdminName, strLDAPAdminPwd); if (blRet)
{
blRet = objldap.CheckUidAndPwd(strLDAPFilter, TestUserID, TestUserPwd, ref strMsg);
if (blRet)
{
strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "成功";
}
else if (!blRet && string.IsNullOrEmpty(strMsg))
{
strMsg = "检测用户名" + TestUserID + "和密码" + TestUserPwd + "失败";
}
}
this.txtLog.Text = System.DateTime.Now.ToString() + ":" + strMsg + "\r\n" + "\r\n" + this.txtLog.Text;
MessageBox.Show(strMsg);
}
}
调用过程1
bool checkResult = false;
try
{
string username = Request.Params.Get("username");
string userpwd = Request.Params.Get("userpwd");
string strLADPath = "LDAP://OU=事业部,DC=HOLD,DC=Company,DC=COM"; DirectoryEntry objEntry = new DirectoryEntry(strLADPath);
objEntry.AuthenticationType = AuthenticationTypes.None; DirectorySearcher deSearch = new DirectorySearcher(objEntry);
//过滤名称是否存在
deSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
deSearch.SearchScope = SearchScope.Subtree;
//find the first instance
SearchResult results = deSearch.FindOne();
//check username & userpwd
if (null != results)
{
DirectoryEntry objUserEntry = new DirectoryEntry(results.Path, username, userpwd);
if (null != objUserEntry && null != objUserEntry.Properties
&& objUserEntry.Properties.Contains("cn"))
{
checkResult = true;
}
} Response.Write("认证结果:" + checkResult.ToString());
}
catch (System.Exception ex)
{
Response.Write("认证异常"+ex.StackTrace);
Response.Write("认证结果:" + checkResult.ToString());
}