
        Recursively querying LDAP group membership

        Date: 2023-10-24


                  Problem description

                  I'm writing an MVC-based (.NET 4.0) website that requires login credentials from my corporate LDAP server. What my code requires is to allow only the users that are part of a certain group. As an example, I could be looking for users that are part of the "Corporate IT" group. My credentials could be part of the "System Admins" group which is a subgroup of "Corporate IT". I'm using Forms Authentication.

                  How would I recursively check what group a user is under when they log in?

                  Recommended answer

                  For anybody else coming here from a search for this type of query, here is how I did it in my application:

                  The key is the 1.2.840.113556.1.4.1941 extended search filter. Since this particular filter works with DNs only, I first get hold of the DN of the user I want to check and then query groups to see if this particular user is a member of any of the groups in the chain.

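                  using System.DirectoryServices;

                  internal static class GroupMembership
                  {
                      internal const string UserNameSearchFilter = "(&(objectCategory=user)(objectClass=user)(|(userPrincipalName={0})(samAccountName={0})))";
                      internal const string MembershipFilter = "(&(objectCategory=group)(objectClass=group)(cn=MyGroup)(member:1.2.840.113556.1.4.1941:={0}))";

                      // Returns true when the user is a direct or nested member of the group named in MembershipFilter.
                      // AppSettings is the application's own configuration class.
                      // Note: username and the DN go into the filters as-is; escape filter metacharacters (RFC 4515) first.
                      internal static bool IsUserInGroup(string username)
                      {
                          using (var de = new DirectoryEntry(AppSettings.LDAPRootContainer, AppSettings.AdminUser, AppSettings.AdminPassword, AuthenticationTypes.FastBind))
                          using (var ds = new DirectorySearcher(de) { Filter = string.Format(UserNameSearchFilter, username) })
                          {
                              // Only the DN is needed: the in-chain matching rule compares against a DN.
                              ds.PropertiesToLoad.AddRange(new[] { "distinguishedName" });

                              var user = ds.FindOne();
                              if (user == null)
                                  return false; // unknown user: deny

                              // Ask for the group only if the user's DN appears anywhere in its membership chain.
                              using (var gds = new DirectorySearcher(de) { PropertyNamesOnly = true, Filter = string.Format(MembershipFilter, user.Properties["distinguishedName"][0] as string) })
                              {
                                  gds.PropertiesToLoad.AddRange(new[] { "objectGuid" });
                                  return gds.FindOne() != null;
                              }
                          }
                      }
                  }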
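
                  The filters above receive the login name and the user's DN through string.Format, so filter metacharacters in either value change what the query matches. The following is an added example, not part of the original answer: an RFC 4515 escaping helper applied to both filters. The names LdapFilterValue and Escape are hypothetical, and the sample login name and DN are constructed.

```csharp
using System;
using System.Text;

// Added example (not the answer's code): RFC 4515 escaping for values
// placed into the two filters shown in the answer.
internal static class LdapFilterValue
{
    // Filters copied from the answer above.
    internal const string UserNameSearchFilter = "(&(objectCategory=user)(objectClass=user)(|(userPrincipalName={0})(samAccountName={0})))";
    internal const string MembershipFilter = "(&(objectCategory=group)(objectClass=group)(cn=MyGroup)(member:1.2.840.113556.1.4.1941:={0}))";

    // Replaces the characters that are special inside a filter value
    // (NUL, '(', ')', '*', '\') with their backslash-hex form.
    internal static string Escape(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\0': sb.Append(@"\00"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '\\': sb.Append(@"\5c"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    private static void Main()
    {
        // Constructed inputs: a login name containing a wildcard, and a DN
        // whose CN has parentheses and a DN-escaped comma, in the form
        // Active Directory returns it in distinguishedName.
        string username = "j*doe";
        string userDn = @"CN=Doe\, Jane (Contractor),OU=Staff,DC=example,DC=com";

        // The wildcard is now matched literally instead of matching other accounts.
        Console.WriteLine(string.Format(UserNameSearchFilter, Escape(username)));
        // The DN's backslash and parentheses no longer break the filter syntax.
        Console.WriteLine(string.Format(MembershipFilter, Escape(userDn)));
    }
}
```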
                  
