3

我有一个使用 SSL 的 PrincipalContext。这在使用 Context.ValidateCredentials() 之类的方法时效果很好。但是当我需要使用 UserPrincipal.FindByIdentity() 查找用户时,我收到以下错误:

System.Runtime.InteropServices.COMException:服务器不愿意处理请求。在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) 在 System.DirectoryServices.DirectoryEntry.Bind() 在 System.DirectoryServices.DirectoryEntry.get_SchemaEntry() 在 System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) 在 System.DirectoryServices .AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() - -- 内部异常堆栈跟踪结束 --- 在 System.DirectoryServices。

我的方法:

public List<string> GetUserInfo(string user) {
        var list = new List<string>();

        using (var context = new PrincipalContext(ContextType.Domain, "xxxx.xxxx.xxxx:636", "DC=xxxx,DC=xxxx,DC=xxxx", ContextOptions.SimpleBind | ContextOptions.Sealing | ContextOptions.SecureSocketLayer)) {
            var uP = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, user);

            //Do stuff with uP
        return list;
    }

但这工作正常:

public bool ValidateCredentials(string username, string password) {
        using (var context = new PrincipalContext(ContextType.Domain, "xxxx.xxxx.xxxx:636", "DC=xxxx,DC=xxxx,DC=xxxx", ContextOptions.SimpleBind | ContextOptions.Sealing | ContextOptions.SecureSocketLayer)) {
            return context.ValidateCredentials(username, password);
        }
    }

为什么我不能使用带有 SSL 的上下文来使用 UserPrincipal?如果我删除 SSL 它工作正常..

4

2 回答 2

6

我将 ContextOptions 更改为 Negotiate 和 SSL。然后它起作用了

于 2016-03-07T10:15:15.723 回答
0

不幸的是,没有足够的代码示例展示如何配置 PrincipalContext 或 DirectoryEntry 以使用 LDAPS(SSL Active Directory)。我为这个问题找到了这些解决方案:

配置 PrincipalContext 以使用 LDAPS:

var path = "test.domainName.local:636";
ContextOptions options = ContextOptions.Negotiate | ContextOptions.SecureSocketLayer;
using (var context = new PrincipalContext(ContextType.Domain, path, "DC=xyz,DC=local", options))
{
 pr("Name: " + context.Name);
 pr("ConnectedServer: " + context.ConnectedServer);
 pr("Container: " + context.Container);
 pr("UserName: " + context.UserName);
}

配置 DirectoryEntry 以使用 LDAPS:

string path = "LDAP://test.domainName.local:636";
var dic = new DirectoryEntry(path);
pr("Name: " + dic.Name);
pr("Path: " + dic.Path);
pr("AuthenticationType: " + dic.AuthenticationType);
pr("SchemaClassName: " + dic.SchemaClassName);
pr("Username: " + dic.Username);
于 2021-06-15T10:34:21.753 回答