使用 Novell.Directory.Ldap.NETStandard2_0 的受限用户(登录工作站)在 ASP.NET Core 中的 LDAP 身份验证问题 [英] LDAP authentication problem in ASP.NET Core for restricted users (logon workstations) using Novell.Directory.Ldap.NETStandard2_0

问题描述

我使用 Novell.Directory.Ldap.NETStandard2_0 包对来自 Active Directory 的用户进行身份验证，它对大多数用户都适用.

I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.

using (var cn = new LdapConnection())
{
    cn.Connect(ldapOptions.Host, ldapOptions.Port);
    var userDn = username.IndexOf('@') < 0 ? username + $"@{ldapOptions.Domain}" : username;
    cn.Bind(userDn, password);
    if (cn.Bound)
    {
        result.Result = AuthResult.Succeed;
        result.Message = "Login Successful using LDAP: {0}.";
    }

    return result;
}

问题是当我们需要对仅限于登录我们域中的某些计算机 (Active Directory) 的用户进行身份验证时.

The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).

我将托管我的应用程序 (IIS & Win Server 2016) 的计算机添加到列表中，但它仍然失败并且还无法对受限用户进行身份验证.

I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.

我该如何解决这个问题?我应该更改我的代码吗?或 Active Directory/IIS 设置?

How can I solve this issue? should I change my code? or Active Directory/IIS settings?

推荐答案

LDAP 身份验证通常来自域控制器，因此配置为 LDAP 主机的域控制器需要存在于登录工作站中(用户工作站)列表.

LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.

这篇关于使用 Novell.Directory.Ldap.NETStandard2_0 的受限用户(登录工作站)在 ASP.NET Core 中的 LDAP 身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！