Active Directory - 检查用户名/密码 [英] Active Directory - Check username / password

问题描述

我在 Windows Vista Ultimate SP1 上使用以下代码查询我们的活动目录服务器以检查域中用户的用户名和密码.

I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain.

public Object IsAuthenticated()
{
    String domainAndUsername = strDomain + "\" + strUser;
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass);
    SearchResult result;
    try
    {
        //Bind to the native AdsObject to force authentication.         

        DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") };

        search.PropertiesToLoad.Add("givenName"); // First Name                
        search.PropertiesToLoad.Add("sn"); // Last Name
        search.PropertiesToLoad.Add("cn"); // Last Name

        result = search.FindOne();

        if (null == result)
        {
            return null;
        }

        //Update the new path to the user in the directory.
        _path = result.Path;
        _filterAttribute = (String)result.Properties["cn"][0];
    }
    catch (Exception ex)
    {
        return new Exception("Error authenticating user. " + ex.Message);
    }
    return user;
}

目标是使用.NET 3.5，并使用VS 2008标准编译

the target is using .NET 3.5, and compiled with VS 2008 standard

我使用域帐户登录，该帐户是运行应用程序的域管理员.

I'm logged in under a domain account that is a domain admin where the application is running.

代码在windows XP上运行完美；但是在 Vista 上运行时出现以下异常:

The code works perfectly on windows XP; but i get the following exception when running it on Vista:

System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()

我已尝试更改身份验证类型，但不确定发生了什么.

I've tried changing the authentication types, I'm not sure what's going on.

另见:根据 Active Directory 验证用户名和密码?一个>

推荐答案

如果您使用的是 .net 3.5，请改用此代码.

If you're using .net 3.5 use this code instead.

验证用户:

PrincipalContext adContext = new PrincipalContext(ContextType.Domain);

using (adContext)
{
     return adContext.ValidateCredentials(UserName, Password);
}

如果您需要查找对象的 R/W 属性，请执行以下操作:

If you need to find the user to R/W attributes to the object do this:

PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal foundUser = 
    UserPrincipal.FindByIdentity(context, "jdoe");

这是使用 System.DirectoryServices.AccountManagement 命名空间，因此您需要将其添加到 using 语句中.

This is using the System.DirectoryServices.AccountManagement namespace so you'll need to add it to your using statements.

如果您需要将 UserPrincipal 对象转换为 DirectoryEntry 对象以使用遗留代码，您可以这样做:

If you need to convert a UserPrincipal object to a DirectoryEntry object to work with legacy code you can do this:

DirectoryEntry userDE = (DirectoryEntry)foundUser.GetUnderlyingObject();

这篇关于Active Directory - 检查用户名/密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！