验证密码是否正确 [英] Verify if password is correct

问题描述

我需要验证用户密码是否正确.

i need to verify if the password is correct for a user.

我有此代码:

 private bool checkOldPasswordValid(string password, string username)
    {
        using (DirectoryEntry entry = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        {
            entry.Username = username;
            entry.Password = password;

            DirectorySearcher searcher = new DirectorySearcher(entry);

            searcher.Filter = "(objectclass=user)";
            try
            {
                searcher.FindOne();
            }
            catch (Exception ex)
            {
                return false;
            }
            return true;
        }
    }

但是WinNt不支持目录搜索器，因此我找到了另一种遍历所有记录的方法.

but then directory searcher is not supported with WinNt, so i found another way to loop through all records.

 foreach (DirectoryEntry dc in entry.Children)
            {
                // prints the name
                System.Diagnostics.Debug.WriteLine(dc.Name);
            }

但这只是获取名称，并且不验证密码.

but this just gets the name and doesnt verify the password.

请帮助.谢谢

推荐答案

要针对LDAP或WinNT进行自动化处理，不需要DirectorySearcher.您只需要从DirectoryEntry实例获取NativeObject.这是一个代码示例，可能会指导您完成操作.

To autenticate against LDAP or WinNT, you need no DirectorySearcher. You only need to get the NativeObject from your DirectoryEntry instance. Here's a code sample that might guide you through the way.

public bool Authenticate(string username, string password, string domain) {
    bool authenticated = false;

    using (DirectoryEntry entry = new DirectoryEntry(@"WinNT://" + domain, username, password) {
        try {
            object nativeObject = entry.NativeObject;
            authenticated = true;
        } catch (DirectoryServicesCOMException ex) {
        }
    }

    return authenticated;
}

此代码将返回用户是否为真实用户.一旦可以使用此DirectoryEntry类实例获取NativeObject属性，就意味着AD(或本地计算机)使用了模拟来获取此对象.如果在没有引发异常的情况下获取对象，则意味着AD(或本地计算机)能够对模拟的用户进行身份验证.

This code will return either a user is authentic or not. Once you can get the NativeObject property using this DirectoryEntry class instance, this means that the AD (or local computer) used impersonation to get this object. If you get the object without having a thrown exception, this means that the AD (or local computer) was able to authenticate the impersonnated user.

虽然您可以通过不指定用户名和密码来使用当前经过身份验证的用户，而仅通过指定用户名和密码来指定域(或本地计算机)来使用当前身份验证的用户，但您却表示要使用模拟功能，因此安全基础结构将使用给定用户名和密码，以尝试从此DirectoryEntry类实例中检索NativeObject属性.

While you can use the currently authenticated user by specifying no username and password, but only the domain (or local computer), by specifying a username and password, you say you want to use impersonnation, so the security infrastructure will use the given username and password to try to retrieve the NativeObject property from this DirectoryEntry class instance.

要针对AD进行身份验证，只需将"WinNT://"替换为"LDAP://".

To authenticate against the AD, just replace the "WinNT://" for "LDAP://".

这篇关于验证密码是否正确的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！