自动登录到Active Directory [英] Automatic log in to Active Directory
问题描述
我有做一个自动登录的用户在我的桌面Active Directory应用程序有些困难。我可能会尝试做一个SSO,但我在IM pression是仅适用于Web应用程序。
I am having some difficulty with doing an automated login for users in my desktop Active Directory application. I may be trying to do an SSO, but I am under the impression that is only for web applications.
在code我有,是这样的:
The code I have, is this:
PrincipalContext theContext = new PrincipalContext(ContextType.Domain);
if (theContext.ValidateCredentials(null, null))
Console.WriteLine("Credentials have been validated. Tell your friends.");
else
Console.WriteLine("Invalid credentials");
UserPrincipal user = new UserPrincipal(theContext, "uatu", "Passw0rd", true);
user.Save();
该PrincipalContext正在没有错误产生,而我验证凭据。我认为这会验证我作为登录到计算机上,这是Active Directory域下的用户。我能找到的用户和组。但只要我打电话user.Save()我得到的错误访问被拒绝。我是否真正进入Active Directory作为guest用户?
The PrincipalContext is being created without error, and I am validating the credentials. I assumed this would validate me as the user that logged in to the computer, which is under the Active Directory domain. And I can find users and groups. But as soon as I call user.Save() I get the error "Access is denied." Am I actually getting into Active Directory as a guest user?
如果我设置ValidateCredentials的用户名和密码,它并不能帮助。
If I set the user name and password in ValidateCredentials, it doesn't help.
PrincipalContext theContext = new PrincipalContext(ContextType.Domain);
if (theContext.ValidateCredentials("<username>", "<password", ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing))
Console.WriteLine("Credentials have been validated. Tell your friends.");
else
Console.WriteLine("Invalid credentials");
UserPrincipal user = new UserPrincipal(theContext, "uatu", "Passw0rd", true);
user.Save();
这code仍然无法上user.Save()。 如果我明确地设置用户名和密码,以匹配自己的登录用户在PrincipalContext构造,然后我得到的成功。
That code still fails on user.Save(). If I explicitly set the username and password to match myself as the logged in user in the PrincipalContext constructor, then I get success.
PrinicipalContext theContext = new PrincipalContext(ContextType.Domain,"<address>", "<domain context>", "<username>", "<password>");
UserPrincipal user = new UserPrincipal(theContext, "uatu", "Passw0rd", true);
user.Save();
这code成功。但我宁可不要我的应用程序,他们已登录到他们的计算机具有完全相同的凭证后,在用户登录。
That code succeeds. But I would rather not have the user log in to my application after they have logged into their computer with the exact same credentials.
我已经听到一些关于关联应用,所以我想知道如果我必须让Active Directory的知道,它可以信任我的应用程序。我依然朦胧通过的细节,不知道这是错误的方向。
I have been hearing a bit about "Affiliate Application", so I'm wondering if I have to let Active Directory know that it can trust my application. I am still hazy on the details through, and don't know if that is the wrong direction.
有没有人有一个想法,以我应该做的事?
Does anyone have an idea as to what I should be doing?
推荐答案
如果你想修改 UserPrincipals ,你有两个选择:
If you are trying to modify UserPrincipals, you have a couple options:
- 在用户已经通过身份验证到Windows与修改活动目录权限的用户:
- 使用构造
PrincipalContext这并不需要用户名/密码- 这将运行环境作为当前登录用户
- 使用构造
- User is already authenticated to windows as a user with permission to edit active directory:
- Use the Constructor for
PrincipalContextwhich doesn't take username/password- This will run the context as the currently logged in user
- Use the Constructor for
- 使用构造
PrincipalContext这需要用户名/密码- 这将运行的背景下,你传入的凭据
- Use the Constructor for
PrincipalContextwhich takes username/password- This will run the context as the credentials you passed in
根据上面的解释,我是presuming你需要选择#1。
ValidateCredentials();只是用来验证凭据,如果你给它的凭据是有效则返回一个真/假。调用它没有持久的影响,它只是验证。如果你需要模拟用户,你需要使用PrincipalContext构造这需要凭据。Based on your explanation above, I'm presuming you need option #1.
ValidateCredentials();is only used to validate credentials, it returns a true/false if the credentials you've given it are valid. Calling it has no lasting affect, it only validates. If you need to impersonate a user, you need to use thePrincipalContextconstructor which takes credentials.这篇关于自动登录到Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
