从System.DirectoryServices切换到DirectoryServices.Protocols时的身份验证类型 [英] Authentication Types when switching from System.DirectoryServices to DirectoryServices.Protocols
问题描述
我需要从AuthenticationTypes中了解等效的AuthType值,才能从S.DS迁移到S.DS.P代码.
I need to know the equivalent AuthType values from AuthenticationTypes to migrate from S.DS to S.DS.P code.
我正在重写当前使用System.DirectoryServices命名空间的LDAP连接模块.为了提高与非ActiveDirectory服务器的兼容性,我试图重写所有代码以使用System.DirectoryServices.Protocols(根据".NET开发人员目录服务编程指南"中的建议).在使用AuthenticationTypes枚举到SD.Protocols使用的AuthType之间进行转换.我需要知道两者之间的等效项,以便使用旧代码的客户端在发布新代码时不会失去功能.
I am rewriting an LDAP connection module that currently uses the System.DirectoryServices namespace. To increase compatibility with non-ActiveDirectory servers, I am trying to rewrite all of the code to use System.DirectoryServices.Protocols (as per the suggestion in "The .NET Developer's Guide to Directory Services Programming). Everything is going smoothly except for the transition between using the AuthenticationTypes enumeration to the AuthType one used by SD.Protocols. I need to know the equivalents between the two so that clients using the old code do not lose functionality when the new code is released.
我知道的等效项是:
无->基本
安全->协商(或多或少)
匿名->无
SecureSocketsLayer->将LdapSessionOptions.SecureSocketsLayer设置为true
The equivalencies that I know of are:
None -> Basic
Secure -> Negotiate (more or less)
Anonymous -> None
SecureSocketsLayer -> setting LdapSessionOptions.SecureSocketsLayer to true
推荐答案
您似乎处在正确的轨道上.
It looks like you were on the right track.
经过一些研究,我能够映射几乎所有的AuthenticationTypes值:
After doing some research, I was able to map almost all of the AuthenticationTypes values:
无:AuthType.Basic
None: AuthType.Basic
安全:AuthType.Negotiate
Secure: AuthType.Negotiate
Anonymous:AuthType.Anonymous
Anonymous: AuthType.Anonymous
签名:LdapSessionOptions.Signing
Signing: LdapSessionOptions.Signing
密封:LdapSessionOptions.Sealing
Sealing: LdapSessionOptions.Sealing
SecureSocketLayer:LdapSessionOptions.SecureSocketLayer
SecureSocketLayer: LdapSessionOptions.SecureSocketLayer
加密:与SecureSocketLayer的值相同
Encryption: Same value as SecureSocketLayer
ReadonlyServer:LdapSessionOptions.LocatorFlag.WriteableRequired = false
ReadonlyServer: LdapSessionOptions.LocatorFlag.WriteableRequired = false
Serverbind:使用具有fullyQualifiedDnsHostName参数且值设置为true的LdapDirectoryIdentifier构造函数之一.
Serverbind: Use one of the LdapDirectoryIdentifier constructors that has the fullyQualifiedDnsHostName argument, with the value set to true.
快速绑定:不适用,因为此S.DS.P在较低级别上工作.
FastBind: Doesn't apply, since this S.DS.P works at a lower level.
代理:找不到相应的设置.可能是委派是隐式的.一种测试方法是在此页面,并查看其是否有效.
Delegation: No corresponding setting found. It could be that delegation is implicit. One way to test would be to convert the code on this page and see if it works.
请注意,并非所有非AD服务器都支持AuthType.Negotiate,因为它特定于Windows.对于非AD系统,还有其他一些内容(例如LocatorFlag值中的某些值)也没有任何意义.因此,在转换假定具有AD连接性的代码时要小心,因为某些假设将不再安全.
Be aware that not all non-AD servers will support AuthType.Negotiate, since it is Windows specific. There are several other things (like some of the LocatorFlag values) that will also not mean anything for non-AD systems. Thus, take care when converting code that assumed AD connectivity, since some assumptions will no longer be safe.
这篇关于从System.DirectoryServices切换到DirectoryServices.Protocols时的身份验证类型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
