How to determine user DN after authentication against an Active Directory?
Problem description
I'm using DirectoryServices to authenticate a user against an ADLDS (the lightweight Active Directory). After I pass authentication, how can I determine the DN or SID of the currently logged in user?
using (DirectoryEntry entry = new DirectoryEntry("LDAP://XYZ:389",
                                                 userName.ToString(),
                                                 password.ToString(),
                                                 AuthenticationTypes.Secure))
{
    try
    {
        // Bind to the native object to force authentication to happen
        Object native = entry.NativeObject;
        MessageBox.Show("User authenticated!");
    }
    catch (Exception ex)
    {
        throw new Exception("User not authenticated: " + ex.Message);
    }
    ...
Thanks
I am at
src = search.FindAll()
There is no such object on the server.
I realized the user logging in has a class type "foreignSecurityPrincipal" in the Active Directory lightweight so I figured perhaps I can just modify your filter to be:
search.Filter = "(&(objectclass=foreignSecurityPrincipal)" + "(sAMAccountName=" + userName + "))";
But that gave me the same exception. Any idea what I am missing?
Recommended answer
To my knowledge you will have to do an LDAP Search for the user and get the distinguishedName property from AD. See below:
// you can use any root DN here that you want provided your credentials
// have search rights
DirectoryEntry searchEntry = new DirectoryEntry("LDAP://XYZ:389");
DirectorySearcher search = new DirectorySearcher(searchEntry);
// userName is concatenated into the filter as-is; LDAP filter
// metacharacters in it ( * ( ) \ ) change the meaning of the search
search.Filter = "(&(objectclass=user)(objectCategory=person)" +
                "(sAMAccountName=" + userName + "))";
if (search != null)
{
    search.PropertiesToLoad.Add("sAMAccountName");
    search.PropertiesToLoad.Add("cn");
    search.PropertiesToLoad.Add("distinguishedName");
    // log is the application's logger, defined outside this snippet
    log.Info("Searching for attributes");
    // find first result
    SearchResult searchResult = null;
    using (SearchResultCollection src = search.FindAll())
    {
        if (src.Count > 0)
            searchResult = src[0];
    }
    if (searchResult != null)
    {
        // Get DN here
        string DN = searchResult.Properties["distinguishedName"][0].ToString();
    }
}
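Added example, not part of the original question or answer: the same lookup with the user name escaped per RFC 4515 before it goes into the filter, returning both the DN and the SID the question asks about. The class and method names and the sample user name are assumptions made for illustration; the filter attributes are the ones used in the answer above, and the caller is assumed to pass a DirectoryEntry that is already bound with search rights.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class LdapLookup   // hypothetical helper class
{
    // Hex-escape the characters RFC 4515 reserves inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0)
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Same filter shape as the answer, with the user-supplied part escaped.
    public static string BuildUserFilter(string userName) =>
        "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
        + EscapeFilterValue(userName) + "))";

    // Returns (DN, SID) for exactly one match; null when none or ambiguous.
    // The SID is null when the entry carries no objectSid attribute.
    public static Tuple<string, string> FindDnAndSid(DirectoryEntry root, string userName)
    {
        using (var search = new DirectorySearcher(root, BuildUserFilter(userName),
                   new[] { "distinguishedName", "objectSid" }))
        using (SearchResultCollection results = search.FindAll())
        {
            if (results.Count != 1) return null;
            SearchResult r = results[0];
            string dn = r.Properties["distinguishedName"][0].ToString();
            ResultPropertyValueCollection sid = r.Properties["objectSid"];
            string sidText = sid.Count > 0
                ? new SecurityIdentifier((byte[])sid[0], 0).ToString() : null;
            return Tuple.Create(dn, sidText);
        }
    }

    static void Main()
    {
        // Constructed input: a user name containing filter metacharacters.
        Console.WriteLine(BuildUserFilter("j.doe (temp)*"));
    }
}
```

Requiring exactly one match means an ambiguous search result is rejected instead of silently resolving to the first entry returned.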