用C#对LDAP用户认证 [英] Using C# to authenticate user against LDAP
问题描述
我使用的DirectorySearcher来搜索LDAP服务器的用户条目。
I'm using DirectorySearcher to search for a user entry in LDAP server.
DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP://myserver/OU=People,O=mycompany";
de.AuthenticationType = AuthenticationTypes.None;
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;
deSearch.Filter = "(uid=" + model.UserName + ")";
SearchResult result = deSearch.FindOne();
我能够得到日在结果变量预期的输出。结果
但是如果我尝试通过目录条目提供密码验证相同的用户,我总是得到下面的错误。
I'm able to get th intended output in result variable.
However If I try to authenticate the same user by providing password in directory entry, I always get following error.
用户名或密码不正确。
"The user name or password is incorrect."
DirectoryEntry entry = new DirectoryEntry("LDAP://myserver/OU=People,O=mycompany", username, password);
DirectorySearcher search = new DirectorySearcher(
entry,
"(uid=" + username + ")",
new string[] { "uid" }
);
search.SearchScope = System.DirectoryServices.SearchScope.Subtree;
SearchResult found = search.FindOne(); ->>>>>this is where I get wrong credential error.
用户名和密码都是我想对用户进行认证。
The username and password are for the user I want to authenticate.
谁能告诉我我在做什么错在这里或如何调试这一点。
Can anyone tell me what I'm doing wrong here or how to debug this.
推荐答案
这个用户名,此行中的密码:
This username, password within this line:
DirectoryEntry("LDAP://myserver/OU=People,O=mycompany", username, password);
应该是有对目录查找权限的帐户。这可能是一个服务帐户或测试目的,用自己的尝试。这不应该是别人你是谁尝试进行身份验证的用户名/密码。
should be for an account that has permission for directory lookup. It could be a service account or testing purpose try with your own. This shouldn't be the user/pass of someone who you are trying to authenticate.
如果你想进行身份验证,可以使用以下使用PrincipalContext步骤:
If you want to authenticate, you can use following steps using PrincipalContext:
using(var context = new PrincipalContext(ContextType.Domain, "mydomain", "mydomain\serviceAcct", "serviceAcctPass")) {
//Username and password for authentication.
return context.ValidateCredentials(username, password);
}
serviceAcct=有对目录查找权限的域用户帐户内。
serviceAcctPass=密码的服务帐户。
正如我所说,测试你可以用自己的用户名/密码背景下试试。
"serviceAcct" = an account within domain users that has permission for directory lookup. "serviceAcctPass" = password for that service account. As I said, for testing you can try with your own user/pass context.
此外,确保提供的用户名或者有域\\用户名或用户名@域格式。
Also, make sure supplied username has either "domain\username" or "username@domain" formatting.
这篇关于用C#对LDAP用户认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!