使用Novell.Directory.Ldap.NETStandard2_0的受限用户(登录工作站)在ASP.NET Core中的LDAP身份验证问题 [英] LDAP authentication problem in ASP.NET Core for restricted users (logon workstations) using Novell.Directory.Ldap.NETStandard2_0

问题描述

我使用Novell.Directory.Ldap.NETStandard2_0程序包从Active Directory中对用户进行身份验证，它对大多数用户都适用.

I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.

using (var cn = new LdapConnection())
{
    cn.Connect(ldapOptions.Host, ldapOptions.Port);
    var userDn = username.IndexOf('@') < 0 ? username + $"@{ldapOptions.Domain}" : username;
    cn.Bind(userDn, password);
    if (cn.Bound)
    {
        result.Result = AuthResult.Succeed;
        result.Message = "Login Successful using LDAP: {0}.";
    }

    return result;
}

问题是当我们需要对仅限于登录到我们域(Active Directory)中的某些计算机的用户进行身份验证时.

The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).

我将承载我的应用程序(IIS& Win Server 2016)的计算机添加到列表中，但是它仍然失败，并且无法对受限用户进行身份验证.

I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.

如何解决此问题?我应该更改我的代码吗?或Active Directory/IIS设置?

How can I solve this issue? should I change my code? or Active Directory/IIS settings?

推荐答案

LDAP身份验证通常来自域控制器，因此配置为LDAP主机的域控制器必须存在于登录工作站中(userWorkstations)列表.

LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.

这篇关于使用Novell.Directory.Ldap.NETStandard2_0的受限用户(登录工作站)在ASP.NET Core中的LDAP身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！