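[.NET] Calling AD to Validate a Password
A customer wanted the AD password validated after the user enters a user name and password. My previous approach was to fetch the AD user and then change its password;
since changing the password requires entering the old password, a successful change meant that the password was correct.
Later I found "How to authenticate against the Active Directory by using forms authentication and Visual Basic .NET"
and discovered that .NET already provides code for validating an AD password, so I first wrapped it in a Windows application for testing.
It can also be wrapped as a Web Service for other applications to call.
Validation is done mainly through the LdapAuthentication class. The test code is as follows: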
    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        Dim adPath As String = txtADPath.Text.Trim ' LDAP://rmtech.com.tw Path to your LDAP directory server
        Dim adAut As New LdapAuthentication(adPath)
        Try
            ' 2012/09/03 fix: do not Trim pwd, because the password may contain leading or trailing spaces
            MessageBox.Show(adAut.IsAuthenticated(txtDomainName.Text.Trim(), txtUserName.Text.Trim, txtPassword.Text).ToString())
        Catch ex As Exception
            ' If authentication fails, an exception carries the error message
            MessageBox.Show(ex.Message)
        End Try
    End Sub
The LdapAuthentication code is as follows (copied from "How to authenticate against the Active Directory by using forms authentication and Visual Basic .NET"). Remember to add a reference to System.DirectoryServices.
    Imports System
    Imports System.Text
    Imports System.Collections
    Imports System.DirectoryServices

    Public Class LdapAuthentication
        Dim _path As String
        Dim _filterAttribute As String

        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
            Dim domainAndUsername As String = domain & "\" & username
            Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)
            Try
                'Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject
                Dim search As DirectorySearcher = New DirectorySearcher(entry)
                'Note: username is concatenated into the filter without escaping.
                search.Filter = "(SAMAccountName=" & username & ")"
                search.PropertiesToLoad.Add("cn")
                Dim result As SearchResult = search.FindOne()
                If (result Is Nothing) Then
                    Return False
                End If
                'Update the new path to the user in the directory.
                _path = result.Path
                _filterAttribute = CType(result.Properties("cn")(0), String)
            Catch ex As Exception
                Throw New Exception("Error authenticating user. " & ex.Message)
            End Try
            Return True
        End Function

        'Returns the names of the user's groups, separated by "|".
        Public Function GetGroups() As String
            Dim search As DirectorySearcher = New DirectorySearcher(_path)
            'Note: the cn value is concatenated into the filter without escaping.
            search.Filter = "(cn=" & _filterAttribute & ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As StringBuilder = New StringBuilder()
            Try
                Dim result As SearchResult = search.FindOne()
                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String
                Dim equalsIndex, commaIndex As Integer
                Dim propertyCounter As Integer
                For propertyCounter = 0 To propertyCount - 1
                    dn = CType(result.Properties("memberOf")(propertyCounter), String)
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If (equalsIndex = -1) Then
                        Return Nothing
                    End If
                    'Take the value of the first RDN (the group's CN).
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    groupNames.Append("|")
                Next
            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " & ex.Message)
            End Try
            Return groupNames.ToString()
        End Function
    End Class
2012/09/03: Changed the authentication call so that the password field is no longer trimmed.
Source file: LdapAuth.zip