我的问题是如何处理安全性和正确实现模拟,这些模拟将从客户端计算机上运行并正确验证我的IIS服务器,该服务器传递仍然有效的模拟票证以及LDAP请求.
我的系统是在我的公司内部网上运行的独立服务器,它托管域控制器,LDAP服务器等,并使用Kerberos协议.
>系统信息:在Windows 7 x64上使用Windows Auth和Impersonate的IIS7
>网络信息:IIS 6,LDAP,Kerberos
这是我的VB.NET方法.
- Protected FirstName,LastName,EMail As String
- Protected Sub Lookup(ByVal UserName As String)
- UserName = Trim(UserName)
- UserName = Replace(UserName,"\","/")
- UserName = Right(UserName,Len(UserName) - InStr(1,UserName,"/"))
- Using (Hosting.HostingEnvironment.Impersonate) 'ADDED
- Dim directoryEntry As New DirectoryEntry("LDAP://dl/DC=dl,DC=net")
- 'directoryEntry.AuthenticationType = AuthenticationTypes.Delegation 'REMOVED
- Dim ds As New DirectorySearcher(directoryEntry)
- Dim r As SearchResult
- Try
- ds.PropertiesToLoad.Add("givenName") 'First Name
- ds.PropertiesToLoad.Add("sn") 'Last Name
- ds.PropertiesToLoad.Add("mail") 'Email
- ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & UserName & "))"
- r = ds.FindOne 'Query LDAP; find record with UserName.
- 'Populates all the variables retrieved from LDAP.
- FirstName = If(r.Properties.Contains("givenName"),Trim(r.Properties("givenName").Item(0)),"")
- LastName = If(r.Properties.Contains("sn"),Trim(r.Properties("sn").Item(0)),"")
- If IsNothing(r.Properties.Contains("mail")) Then
- EMail = If(r.Properties.Contains("userPrincipalName"),Trim(r.Properties("userPrincipalName").Item(0)),"")
- Else
- EMail = If(r.Properties.Contains("mail"),Trim(r.Properties("mail").Item(0)),"")
- End If
- EMail = EMail.ToLower
- Catch ex As Exception
- 'Error Logging to Database Here
- End Try
- End Using
- End Sub
请提出任何必要的问题,以获取帮助我所需的信息.我已经研究了几个星期了,似乎模仿有如此疯狂的变量,我很容易迷失.我只是无法弄清楚如何在我的代码中实现这个…我仍然是.NET的新手:(
您不需要为此配置AuthenticationType.但是,您需要确保允许托管上述代码的服务帐户(或网络服务的计算机帐户)委派给您环境中所有DC上的LDAP服务.
