LDAP active directory search in c#


Question

I'm getting this when I run my code. Suggest me a good reason for this ....

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.DirectorySearcher.get_SearchRoot()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at FormsAuthAD.LdapAuthentication.GetGroups() in D:\Amit\New folder\New folder (3)\New folder (3)\New folder\FormsAuthAD\FormsAuthAD\LdapAuthentication.cs:line 80



My code is as follows:




    public bool IsAuthenticated(string domain, string username, string pwd)
    {
        string domainAndUsername = domain + @"\" + username;
        DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);

        try
        {
            //Bind to the native AdsObject to force authentication.
            object obj = entry.NativeObject;

            DirectorySearcher search = new DirectorySearcher(entry);

            search.Filter = "(SAMAccountName=" + username + ")";

            search.PropertiesToLoad.Add("cn");

            SearchResult result = search.FindOne();

            if (null == result)
            {
                return false;
            }

            //Update the new path to the user in the directory.
            _path = result.Path;
            _filterAttribute = (string)result.Properties["cn"][0];
        }
        catch (Exception ex)
        {
            throw new Exception("Error authenticating user. " + ex.Message);
        }

        return true;
    }

    public string GetGroups()
    {
        //DirectoryEntries searchRoot = new DirectoryEntries(_path);
        DirectorySearcher search = new DirectorySearcher(_path);

        search.Filter = "(cn=" + _filterAttribute + ")";

        search.PropertiesToLoad.Add("memberOf");
        StringBuilder groupNames = new StringBuilder();

        try
        {
            SearchResult result = search.FindOne();
            int propertyCount = result.Properties["memberOf"].Count;
            string dn;
            int equalsIndex, commaIndex;

            for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
            {
                dn = (string)result.Properties["memberOf"][propertyCounter];
                equalsIndex = dn.IndexOf("=", 1);
                commaIndex = dn.IndexOf(",", 1);
                if (-1 == equalsIndex)
                {
                    return null;
                }
                groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                groupNames.Append("|");
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error obtaining group names. " + ex.Message);
        }
        return groupNames.ToString();
    }
}

Recommended answer

Seems a security problem.

Are you running a Windows Forms solution? Is your current process user in the same domain that you are trying to search?

Are you running an ASP.NET solution? Does your application pool user have permissions for the AD that you are trying to search?

Every authenticated user has rights to search the Active Directory.
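
An added example, not part of the original question or answer: in the question's GetGroups, `new DirectorySearcher(_path)` uses the constructor overload whose single string argument is the filter, so no search root is set and the searcher binds to the default domain as the process identity, which is where the stack trace fails. The sketch below binds the search root with explicit credentials and escapes the filter value per RFC 4515; the class name, method names and parameters are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper (added example, not the asker's code).
public static class LdapGroupLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so that characters such as '*' or ')' cannot alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Reads memberOf for one account. The search root is bound with the
    // supplied credentials, so the lookup does not depend on the rights
    // of the process (application pool) identity.
    public static List<string> GetGroups(string path, string domainAndUsername,
                                         string pwd, string samAccountName)
    {
        var groups = new List<string>();
        using (var root = new DirectoryEntry(path, domainAndUsername, pwd))
        using (var search = new DirectorySearcher(root))
        {
            search.Filter = "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")";
            search.PropertiesToLoad.Add("memberOf");

            SearchResult result = search.FindOne();
            if (result == null) return groups;   // account not found

            foreach (object value in result.Properties["memberOf"])
                groups.Add((string)value);       // full group DN
        }
        return groups;
    }
}
```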

