1

所以我对这里的整个 .net 都是新手,但基本上我想做的是编写一个 Web 服务,它将接受一个带有用户名和密码的 SOAP 请求,并根据 ldap 服务器检查它们以验证凭据是否正确. 我已经在 perl 中完成了这项工作,代码如下,但我想在 .net 中复制它,以便更多地了解它。我一直在研究 c#,因为我已经完成了大量的 java 编程,看起来它们非常相似,但如果在 vb 或其他东西中更容易,我不反对。

我遇到的主要问题实际上是连接到服务器本身。我在网上找到了一些示例,但我对应该传递给各种方法的内容感到困惑。这是 web 服务的 perl 版本:

验证.cgi

use strict;
use warnings;
use SOAP::Transport::HTTP;
SOAP::Transport::HTTP::CGI
    ->dispatch_to('Authenticate')
    ->handle;

package Authenticate;

use Net::LDAPS;
use Net::LDAP;

sub Verify{
    my ($class, $user, $pass) = @_;

    my $user_dn = "uid=$user,ou=people,o=domain";

    my $ldap = Net::LDAPS->new( 'ldap.domain.com', port => '636' ) or die "$@";

    my $mesg = $ldap->bind($user_dn, password => $pass);

    return $mesg->error if $mesg->is_error;

    return "Successful authentication for user '$user'";
}

我在 c# 中一直在搞乱的是以下内容(我可能有不必要的包含,我一直在搞乱一堆东西):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.DirectoryServices;
using System.DirectoryServices.Protocols;
using System.Net;


/// <summary>
/// Summary description for WebService
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment     the following line. 
// [System.Web.Script.Services.ScriptService]
public class WebService : System.Web.Services.WebService {

    public WebService () {

        //Uncomment the following line if using designed components 
        //InitializeComponent(); 
    }

    [WebMethod]
    public string Authenticate(string username, string pwd) {
        string domain = "LDAP://ldap.domain.com:636";
        string domainAndUsername = domain + @"\" + username;
        string path = domain + @"/ou=people,o=domain";
        string filterAttribute;
        DirectoryEntry entry = new DirectoryEntry(path, domainAndUsername, pwd);

        try
        {
            //Bind to the native AdsObject to force authentication.
            object obj = entry.NativeObject;

            DirectorySearcher search = new DirectorySearcher(entry);

            search.Filter = "(SAMAccountName=" + username + ")";
            search.PropertiesToLoad.Add("cn");
            SearchResult result = search.FindOne();

            if (null == result)
            {
                return "false";
            }

            //Update the new path to the user in the directory.
            path = result.Path;
            filterAttribute = (string)result.Properties["cn"][0];
        }
        catch (Exception ex)
        {
            throw new Exception("Error authenticating user. " + ex.Message);
        }

        return "true";
    }

}

这导致了错误

System.Exception:验证用户时出错。服务器无法运行。

我觉得我只是在某处或类似的地方指定了错误的路径,但我似乎无法弄清楚。

4

2 回答 2

1

根据您的代码,您将以下内容传递给DirectoryEntry构造函数:

小路:LDAP://ldap.domain.com:636/ou=people,o=domain

用户名:LDAP://ldap.domain.com:636\username

那个用户名不对。如果是 Active Directory,你会放ldap.domain.com\username,但它看起来不像是 Active Directory。所以你应该给用户的专有名称。从您的 perl 看来,它应该是uid=username,ou=people,o=domain,但这对我来说看起来很奇怪。我总是将其视为cn=username,ou=people,o=domain.

于 2013-06-12T14:08:37.570 回答
1

It seems like this would create a path that looks like "LDAP://ldap.domain.com:636\username/ou=people,o=domain". Typically it would be "LDAP://ldap.domain.com:636/cn=Full User Common Name,ou=People,dc=domain,dc=local".

If you don't have the DN to start off with, you should bind anonymously or with a service credential, search using SAMAccountName, then re-bind using the username and password. Here is a good example from ASP.net. The example, however, expects the username to be in uid form, which you would want to change to SAMAccountName

Also, it looks like you are specifying a TLS port, but you have not specified AuthenticationTypes.SecureSocketsLayer, which could cause the error you are receiving.

于 2013-06-12T06:08:19.620 回答