我正在使用用户的电子邮件地址作为密钥在基于表单的 C# 登录场景中查找任意 Windows 帐户。定位用户工作正常,我得到了我的衍生UserPrincipalEx
罚款。
但是,当我尝试使用 Bind 验证登录时,它总是成功:
// we can't use ValidateCredentials because it's too broken - multiple attempts each time,
// can't always negotiate properly, etc.
//if (!_principalContext.ValidateCredentials(userPrincipal.UserPrincipalName, password)) {
// return LoginValidationResults.ValidationFailed;
//}
try {
using (var directoryEntry = new DirectoryEntry("LDAP://" + _domain + "/" + _principalContext.Container,
userPrincipal.UserPrincipalName, password, AuthenticationTypes.FastBind)) {
var forceBind = directoryEntry.NativeObject;
Log.DebugFormat("Validation successful ({0}).", forceBind);
return LoginValidationResults.Valid;
}
}
catch (COMException ex) {
if (ex.ErrorCode != -2147023570) {
Log.DebugFormat("Validation exception: {0}", ex.ToString());
throw;
}
Log.Debug("Validation failed.");
return LoginValidationResults.ValidationFailed;
}
在某些情况下——我还不知道它们是什么——无论我给什么密码,该帐户总是能成功绑定。
为什么会这样?