我试图弄清楚我们是否需要转义密码(我们确实转义用户名),如果您正在使用DirectorySearcher并通过DirectoryEntry用户名和密码集传递它。
这是代码简写:
var directoryEntry = new DirectoryEntry(domain);
directoryEntry.Username = escaped(username);
directoryEntry.Password = password;
new DirectorySearcher(directoryEntry)
{
SearchScope = searchScope,
Filter = "(&(objectCategory=person)(objectClass=user)" + escaped(filter) + ")"
};
不转义密码会使代码容易被注入吗?转义密码会导致验证DirectoryEntry失败吗?