Web Design, Programming, Tutorials
Posts tagged code
ASP.NET MVC Using Forms Authentication With LDAP
Oct 23rd
If you are using ASP.NET MVC and you want to authenticate your users against Active Directory using LDAP, you need to do a little work to get everything set up. It is pretty easy to authenticate users with Active Directory using the <Authorize()> attribute, but I ran into some problems when I wanted to authorize a user based on a Windows Group.
Here are the steps I took to be able to authenticate active directory users and authorize their use of actions based on being members to user groups.
Web.Config
Find the authentication tag and change it to the following:
<authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication>
The LoginUrl points to the Controller/Action where the login function is.
UserRepository
This is the class object that does the communication with Active Directory via LDAP. The project where this class resides should also add a reference to the System.DirectoryServices DLL.
Imports System.DirectoryServices
Public Class UserRepository
Private _server As String
Public Sub New(ByVal server As String)
_server = server
End Sub
Public Function GetUser(ByVal userName As String) As Data.User
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://" + _server)
Dim search As DirectorySearcher = New DirectorySearcher(root)
search.SearchScope = SearchScope.Subtree
search.Filter = "(sAMAccountName=" + userName.Substring(userName.IndexOf("\") + 1) + ")"
Dim results As SearchResultCollection = search.FindAll()
Return _GetUser(results(0).Path)
End Function
Public Function GetUserByFullName(ByVal fullName As String) As Data.User
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://" + _server)
Dim search As DirectorySearcher = New DirectorySearcher(root)
search.SearchScope = SearchScope.Subtree
search.Filter = "(displayName=" + fullName + ")"
Dim results As SearchResultCollection = search.FindAll()
Return _GetUser(results(0).Path)
End Function
Public Function GetMembers(ByVal groupPath As String) As IQueryable(Of Data.User)
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://" + _server)
Dim search As DirectorySearcher = New DirectorySearcher(root)
Dim members As List(Of Data.User) = New List(Of Data.User)()
search.SearchScope = SearchScope.Subtree
search.Filter = "(memberOf=" + groupPath + ")"
Dim results As SearchResultCollection = search.FindAll()
For Each result As SearchResult In results
members.Add(_GetUser(result.Path))
Next
root.Close()
Return members.AsQueryable
End Function
Public Function Authenticate(ByVal userName As String, ByVal password As String) As Data.User
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://" + _server, userName, password)
Dim search As DirectorySearcher = New DirectorySearcher(root)
Dim user As User = Nothing
search.SearchScope = SearchScope.Subtree
search.Filter = "(sAMAccountName=" + userName + ")"
Dim results As SearchResultCollection = search.FindAll()
If (Not (results Is Nothing)) Then
user = _GetUser(results(0).Path)
End If
Return user
End Function
Private Function _GetUser(ByVal userPath As String) As Data.User
Dim entry As DirectoryEntry = New DirectoryEntry(userPath)
Dim user As Data.User = New Data.User()
user.UserName = entry.Properties("sAMAccountName").Value
user.FirstName = entry.Properties("givenname").Value
user.LastName = entry.Properties("sn").Value
user.Email = entry.Properties("mail").Value
For Each group In entry.Properties("memberOf")
user.Groups.Add(_GetGroup(group))
Next
entry.Close()
Return user
End Function
Private Function _GetGroup(ByVal path As String) As String
Dim value As String = ""
Dim index1 As Integer = path.IndexOf("=", 1)
Dim index2 As Integer = path.IndexOf(",", 1)
If (Not (index1 = -1)) Then
value = path.Substring((index1 + 1), (index2 - index1) - 1)
End If
Return value
End Function
End Class
User
This class hold the user information that we want to work with from Active Directory. Here I am storing the username, first and last names, email address, and the list of groups the user is a member of.
This class is in my Data project and that is why you will see Data.User in the UserRepository. If you want everything to be in one project, you could create the Data namespace around the User class. I did run into problems with MVC getting confused between my User class and a built in one if I did not specify the namespace. You could also simply rename the User class to something else.
Public Class User
Private _userName As String
Private _firstName As String
Private _lastName As String
Private _email As String
Private _groups As List(Of String)
Public Property UserName() As String
Get
Return _userName
End Get
Set(ByVal value As String)
_userName = value
End Set
End Property
Public Property FirstName() As String
Get
Return _firstName
End Get
Set(ByVal value As String)
_firstName = value
End Set
End Property
Public Property LastName() As String
Get
Return _lastName
End Get
Set(ByVal value As String)
_lastName = value
End Set
End Property
Public Property Email() As String
Get
Return _email
End Get
Set(ByVal value As String)
_email = value
End Set
End Property
Public Property Groups() As List(Of String)
Get
Return _groups
End Get
Set(ByVal value As List(Of String))
_groups = value
End Set
End Property
Public Sub New()
Me.UserName = ""
Me.FirstName = ""
Me.LastName = ""
Me.Email = ""
Me.Groups = New List(Of String)()
End Sub
Public Function GetFullName() As String
Dim s As System.Text.StringBuilder = New System.Text.StringBuilder()
If (Not (Me.FirstName = "")) Then
s.Append(Me.FirstName)
s.Append(" ")
End If
s.Append(Me.LastName)
Return s.ToString()
End Function
Public Function SerializeGroups() As String
Dim text As String = ""
For Each item In Groups
If (text = "") Then
text = item
Else
text = text + "|" + item
End If
Next
Return text
End Function
End Class
AccountController
Next is the controller that handles signing in and out of the application. I’ve simplified this controller code for the sake of simplicity. Under normal circumstances, I would have the controller communicate to a service class that then interacts with the repository. The service class could do validation on the login form before attempting to authenticate empty user and password strings.
Imports System.Globalization
Imports System.Security.Principal
Imports S3.Data
<HandleError()> _
Public Class AccountController
Inherits System.Web.Mvc.Controller
'data members.
Private _userRepository as UserRepository
Private _formsAuthentication As IFormsAuthentication
Public Sub New()
_userRepository = New UserRepository(ConfigurationManager.AppSettings("LDAPServer")
_formsAuthentication = New FormsAuthentication()
End Sub
'GET: /Account/LogOn
Public Function LogOn() As ActionResult
Return View("LogOn")
End Function
'POST: /Account/LogOn
<AcceptVerbs(HttpVerbs.Post)> _
Public Function LogOn( _
ByVal userName As String, _
ByVal password As String, _
ByVal rememberMe As Boolean, _
ByVal returnUrl As String) As ActionResult
Dim result As ActionResult = View("LogOn")
Dim user As User = _userRepository.Authenticate(userName, password)
If (Not (user Is Nothing)) Then
_formsAuthentication.SignIn(user, rememberMe)
If (returnUrl Is Nothing) Then
result = RedirectToAction("Index", "Home")
Else
result = Redirect(returnUrl)
End If
End If
Return result
End Function
Public Function LogOff() As ActionResult
_formsAuthentication.SignOut()
Return RedirectToAction("Index", "Home")
End Function
End Class
FormsAuthentication
The next class is the FormsAuthentication class. The main reason that I made this code a class of its own is for the sake of unit testing my project. During unit testing, the commands that deal with writing and clearing the cookie would error out. To get around this, I created an empty FormsAuthenticationTest class that does nothing for the SignIn and SignOut methods. Note: The example code does not show the interfaces. Check out the repository pattern and factory pattern to see how to setup services and repositories for unit testing.
After a user has been authenticated by the UserRepository, the controller passes the returned user into the SignIn method of the FormsAuthentication. This method then stores the user’s full name and serialized groups in a cookie. The list of groups is serialized by creating a string with each group name separated by a “|” character. This serialization takes place in the User object.
Imports System.Web.Security
Public Class FormsAuthentication
Public Sub SignIn(ByVal user As Data.User, ByVal createPersistentCookie As Boolean)
Dim authTicket As System.Web.Security.FormsAuthenticationTicket = _
New System.Web.Security.FormsAuthenticationTicket( _
1, _
user.GetFullName(), _
Now, _
Now.AddMinutes(60), _
createPersistentCookie, _
user.SerializeGroups())
Dim encryptedTicket As String = System.Web.Security.FormsAuthentication.Encrypt(authTicket)
Dim authCookie As HttpCookie = New HttpCookie( _
System.Web.Security.FormsAuthentication.FormsCookieName, _
encryptedTicket)
If (createPersistentCookie) Then
authCookie.Expires = authTicket.Expiration
End If
HttpContext.Current.Response.Cookies.Add(authCookie)
End Sub
Public Sub SignOut()
System.Web.Security.FormsAuthentication.SignOut()
End Sub
End Class
Global.asax
With the previous code, you should be able to use Forms Authentication to log into your application and authenticate a user against the Active Directory via LDAP. The <Authorize()> attribute will allow you to secure your controller or actions. There’s just one problem. Now, if you want to use <Authorize(Roles:=”GroupName”), your user does not get authorization to the action or controller.
There’s just one change left that we need to make. ASP MVC makes the current logged in user available by accessing the Context.User. When you log into the application MVC is setting the user as authenticated, but no roles or groups have been added to that user. We need to modify the Global.asax file and use the AuthenticationRequest event.
The following code will fire each time an authentication request is triggered. The code will check if the authentication cookie exists and if it does, reads the user’s name and groups from it and stores them in the Context.User so MVC can access the groups.
Private Sub MvcApplication_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.AuthenticateRequest
Dim cookieName As String = System.Web.Security.FormsAuthentication.FormsCookieName
Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
If (Not (authCookie Is Nothing)) Then
Dim authTicket As System.Web.Security.FormsAuthenticationTicket = Nothing
Try
authTicket = System.Web.Security.FormsAuthentication.Decrypt(authCookie.Value)
If (Not (authTicket Is Nothing)) Then
Dim groups As String() = authTicket.UserData.Split(New Char() {"|"})
Dim id As System.Security.Principal.GenericIdentity = _
New System.Security.Principal.GenericIdentity(authTicket.Name, "LdapAuthentication")
Dim principal As System.Security.Principal.GenericPrincipal = _
New System.Security.Principal.GenericPrincipal(id, groups)
Context.User = principal
End If
Catch ex As Exception
'Do nothing.
End Try
End If
End Sub
And that should be all you need to use FormsAuthentication with LDAP and group authorization.
ASP.NET MVC Full URL From A Controller
Oct 16th
In working with ASP.NET MVC, I came across the need to send an email with the URL of a document that is to be approved. There are helper functions accessible from the View to build an ActionLink or get the URL of an action, but I had problems finding how to build this URL from within a controller. Here is the simple code that I finally pieced together to do what I wanted:
Dim link As String = HttpContext.Request.Url.Scheme + _
"://" + HttpContext.Request.Url.Authority + _
Url.Action("ActionName", "ControllerName", New With {.id = idOfDocument})
HttpContext.Request.Url.Scheme returns “http” or “https”, which ever one you’re using.
HttpContext.Request.Url.Authority returns the Base Url of your application.
And, the Url.Action method creates the Url to the Controller, Action, and ID of the document that is being sent out for approval.
How to use Zend_Search_Lucene with the PHP framework CodeIgniter
Feb 17th
If you’ve heard the buzz about Apache’s open source search engine, Lucene, then you probably already know what a great search engine tool it is. The search engine is fast, has ports to various languages, and was written to be able to share the search index between the different Lucene ports.
The PHP version of Lucene is packaged in the Zend frameworkand is called Zend_Search_Lucene. When it comes to PHP frameworks, I tend to prefer using CodeIgniteras opposed to Zend. So, you might ask, how can you use a favored framework such as CodeIgniter with the power of Lucene’s search capabilities?
Install CodeIgniter 1.7.1
I downloaded a copy of the latest version of CodeIgniter 1.7.1 and configured it to run the default welcome action. Next, I made a copy of the welcome controller and view to test my indexer and search actions (which we’ll get to in just a minute).
Install Zend Framework 1.7
Next, I downloaded the latest version of the Zend Framework 1.7.5. After extracting the zip file, copy the Zend folder inside ZendFramework-1.7.5/library and paste it into the CodeIgniter framework under System/application/libraries.
Create A Zend Loader Class
The next thing that needs to be done is create a loader file to load the Zend library classes in CodeIgniter. This tutorial also explains how to create this loader class. This file below is named Zend.php and should be located in the System/application/libraries folder of CodeIgniter.
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class CI_Zend
{
function __construct($class = NULL)
{
// include path for Zend Framework
// alter it accordingly if you have put the 'Zend' folder elsewhere
ini_set('include_path', ini_get('include_path') .
PATH_SEPARATOR . APPPATH . 'libraries');
if ($class)
{
require_once (string) $class . EXT;
log_message('debug', "Zend Class $class Loaded");
}
else
{
log_message('debug', "Zend Class Initialized");
}
}
function load($class)
{
require_once (string) $class . EXT;
log_message('debug', "Zend Class $class Loaded");
}
}
//End of File: Zend.php
Creating An Indexer
Now we will create the search index. For demonstration purposes, I’m going to place the indexer and search functions in the same controller. You should have your indexer in a separate controller with security that will keep everyone from being able to run it.
We’ll start with the copy of the welcome controller, which I named home.php. After changing the class name and function calls to home instead of welcome, the contents of the file should look like this. Also, add the sanitize function below.
<?php
class Home extends Controller
{
function Home()
{
parent::Controller();
}
function index()
{
$this->load->view('home_view');
}
function sanitize($input)
{
return htmlentities(strip_tags($input));
}
}
/* End of file home.php */
/* Location: ./system/application/controllers/home.php */
Now, we can just replace the contents of the index() function with the following.
$this->load->library('zend', 'Zend/Feed');
$this->load->library('zend', 'Zend/Search/Lucene');
$this->load->library('zend');
$this->zend->load('Zend/Feed');
$this->zend->load('Zend/Search/Lucene');
//Create index.
$index = new Zend_Search_Lucene('c:\wamp\www\ci\tmp\feeds_index', true);
$feeds = array(
'http://www.cmjackson.net/feed/rss/',
'http://andrewmjackson.com/feed/rss');
//grab each feed.
foreach($feeds as $feed)
{
$channel = Zend_Feed::import($feed);
echo $channel->title().'<br />';
//index each item.
foreach($channel->items as $item)
{
if ($item->link() && $item->title() && $item->description())
{
//create an index doc.
$doc = new Zend_Search_Lucene_Document();
$doc->addField(Zend_Search_Lucene_Field::Keyword(
'link', $this->sanitize($item->link())));
$doc->addField(Zend_Search_Lucene_Field::Text(
'title', $this->sanitize($item->title())));
$doc->addField(Zend_Search_Lucene_Field::Unstored(
'contents', $this->sanitize($item->description())));
echo "\tAdding: ". $item->title() .'<br />';
$index->addDocument($doc);
}
}
}
$index->commit();
echo $index->count() .' Documents indexed.<br />';
This indexer will read in the RSS feeds from this website as well as my brother’swebsite and index the contents of the feed. When the index is created, you must specify a location to store the index. These are binary files that Lucene creates and it does not require a database for storage.
In this article, the author further explains the fields of the index document and when each should be used.
Feeds are not the only resource that Lucene can index. Web sites, databases, Microsoft Office documents, etc. Find out more information on Zend Search Lucene in the Zend Framework Manual .
A Basic Search
After running the indexer, you are ready to try searching the documents that are indexed. For demonstration purposes, I’ve added another function to the same controller as the index called search(). This function does not get the results of a form, but instead simulates a string query as if it were from a form.
function search()
{
$this->load->library('zend', 'Zend/Search/Lucene');
$this->load->library('zend');
$this->zend->load('Zend/Search/Lucene');
$index = new Zend_Search_Lucene('c:\wamp\www\ci\tmp\feeds_index');
$query = 'new movie';
$hits = $index->find($query);
echo 'Index contains '. $index->count() .
' documents.<br /><br />';
echo 'Search for "'. $query .'" returned '. count($hits) .
' hits<br /><br />';
foreach($hits as $hit)
{
echo $hit->title .'<br />';
echo 'Score: '. sprintf('%.2f', $hit->score) .'<br />';
echo $hit->link .'<br /><br />';
}
}
This function loads the same index that we previously created and searches for the key phrase ‘new movie’. The results that are returned are sorted by their score ranking. To make the search results look more like google, styling could be added as well as formatting the result entries, but this gives you a good idea of the basic functions of the search engine and how it works.
String Replace Function For Lotus Script
Jan 28th
Here is a handy function that I sometimes use in my Lotus Script programs.
'=============================================================================== ' +----------------------------------------------------------------------------+ ' | Function: strreplace ' +----------------------------------------------------------------------------+ ' | Accepts: src, the value to search for to replace. ' | dest, the value to replace with. ' | arg, the string to search within. ' +----------------------------------------------------------------------------+ ' | Description: ' | Replaces all occurances of src with dest in the string arg. ' +----------------------------------------------------------------------------+ '=============================================================================== Public Function strreplace(Byval src As String, Byval dest As String, Byval arg As String) As String 'Declare variables Dim pos As Integer 'Initialize pos = Instr(arg, src) 'Loop through the string While (pos > 0) arg = Left(arg, pos - 1) + dest + Mid(arg, pos + Len(src)) pos = Instr(pos + Len(dest), arg, src) Wend 'Return the replaced string strreplace = arg End Function
Here is an example of how to use the function:
newString = strreplace("WORLD", "World", "Hello WORLD!")
The newString variable would contain “Hello World!”