0

我使用以下代码来验证属于我们公司域的用户。这工作正常。

using (var entry = new DirectoryEntry(""))
{
    DirectorySearcher ds = new DirectorySearcher(entry);

    ds.Filter = "(|(&(objectCategory=user)(name=domainuser)))";
    ds.PropertyNamesOnly = true;
    ds.PropertiesToLoad.Add("name");
    ds.ReferralChasing = ReferralChasingOption.None;

    SearchResultCollection src = ds.FindAll();

    bool isValid = false;
    try
    {
        foreach (SearchResult sr in src)
        {
            DirectoryEntry de = sr.GetDirectoryEntry();
            de.Password = "domainpassword";
            object nativeObject = de.NativeObject;


            if (nativeObject != null)
                isValid = true;

            break;
        }
    }
    catch (DirectoryServicesCOMException ex) {}

    return isValid;
}

实际问题是我需要在我的笔记本电脑(MYINSTANCE)中创建一个 LDAP 实例,然后我需要以编程方式创建用户。我能够创建用户并遍历它们。

现在对于此类用户,我无法验证用户名和密码。

我所做的更改如下。

using (var entry = new DirectoryEntry("LDAP://MYPC:389/CN=MYINSTANCE,DC=COMPANYDOMAIN,DC=com", "domainuser", "domainpassword", AuthenticationTypes.Secure))
{
    DirectorySearcher ds = new DirectorySearcher(entry);

    ds.Filter = "(|(&(objectCategory=user)(name=instanceuser)))";
    ds.PropertyNamesOnly = true;
    ds.PropertiesToLoad.Add("name");
    ds.ReferralChasing = ReferralChasingOption.None;

    SearchResultCollection src = ds.FindAll();

    bool isValid = false;
    try
    {
        foreach (SearchResult sr in src)
        {
            DirectoryEntry de = sr.GetDirectoryEntry();
            de.Password = "instancepassword";
            object nativeObject = de.NativeObject;


            if (nativeObject != null)
                isValid = true;

            break;
        }
    }
    catch (DirectoryServicesCOMException ex) {}

    return isValid;
}
4

1 回答 1

0

如果您使用 .NET 3.5 或更高版本,则可以使用System.DirectoryServices.AccountManagement命名空间并轻松验证您的凭据:

// create a "principal context" - e.g. your domain (could be machine, too)
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "MYINSTANCE", 
                                "CN=MYINSTANCE,DC=COMPANYDOMAIN,DC=com", 
                                ContextType.SecureSocketLayer,
                                "domainuser", "domainpassword")
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

它很简单,很可靠,它是 100% 的 C# 托管代码 - 您还能要求什么?:-)

在这里阅读所有相关信息:

于 2012-02-06T12:22:28.457 回答