错误0x80005000与LdapConnection和LDAPS [英] Error 0x80005000 with LdapConnection and LDAPS
问题描述
我开始之前,我已经访问过<一个href=\"http://stackoverflow.com/questions/9993928/unknown-error-0x80005000-with-ldaps-connection\">Unknown错误(0x80005000)与LDAPS连接,并改变了我的code,虽然它确实解决这个问题似乎它具有的神秘的回来。
Before I start, I've already visited Unknown Error (0x80005000) with LDAPS Connection and changed my code and while it did solve the problem it seems that it has mysteriously come back.
这里的好东西:
public static bool Authenticate(string username, string password, string domain)
{
bool authentic = false;
try
{
LdapConnection con = new LdapConnection(
new LdapDirectoryIdentifier(Host, Port));
if (IsSSL)
{
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = ServerCallback;
}
con.Credential = new NetworkCredential(username, password);
con.AuthType = AuthType.Basic;
con.Bind();
authentic = true;
}
catch (LdapException)
{
return false;
}
catch (DirectoryServicesCOMException)
{ }
return authentic;
}
public static bool IsSSL
{
get
{
return ConnectionString.ToLower().Contains("ldaps");
}
}
public static string ConnectionString
{
get
{
if (string.IsNullOrEmpty(_connectionString))
_connectionString = CompleteConfiguration.GetLDAPConnectionString();
return _connectionString;
}
set { _connectionString = value; }
}
public static int Port
{
get
{
var x = new Uri(ConnectionString);
int port = 0;
if (x.Port != -1)
{
port = x.Port;
}
else
{
port = x.OriginalString.ToLower().Contains("ldaps")
? 636
: 389;
}
return port;
}
}
public static string Host
{
get
{
var x = new Uri(ConnectionString);
return x.Host;
}
}
private static bool ServerCallback(LdapConnection connection, X509Certificate certificate)
{
return true;
}
下面是坏的东西:
当我尝试验证到应用程序,我碰到下面的错误,是precise这是由con.Bind()行触发:
Here's the bad stuff: When I attempt to authenticate to the application I get the following error, to be precise this is triggered by the con.Bind() line:
[收到COMException(0x80005000):未知的错误(0x80005000)
System.DirectoryServices.DirectoryEntry.Bind(布尔throwIfFail)378094
System.DirectoryServices.DirectoryEntry.Bind()+36
System.DirectoryServices.DirectoryEntry.get_NativeObject()+31
Complete.Authentication.GCAuthentication.Authenticate(字符串的用户名,密码字符串,字符串域)在C:\\构建\\ 6 \\ Idealink.Open.Pancanal \\巴拿马运河的\\ Sources \\ Idealink.Open \\ Complete.Authentication \\ GCAuthentication.cs:27
Complete.Authentication.AuthenticationFactory.ValidateUserLdap(字符串的用户名,密码字符串,字符串域,布尔的isValid,字符串usernameWithDomain)在C:\\构建\\ 6 \\ Idealink.Open.Pancanal \\巴拿马运河的\\ Sources \\ Idealink.Open \\ Complete.Authentication \\ AuthenticationFactory.cs:93
[COMException (0x80005000): Unknown error (0x80005000)] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +378094 System.DirectoryServices.DirectoryEntry.Bind() +36 System.DirectoryServices.DirectoryEntry.get_NativeObject() +31 Complete.Authentication.GCAuthentication.Authenticate(String username, String password, String domain) in c:\Builds\6\Idealink.Open.Pancanal\Panama Canal\Sources\Idealink.Open\Complete.Authentication\GCAuthentication.cs:27 Complete.Authentication.AuthenticationFactory.ValidateUserLdap(String username, String password, String domain, Boolean isValid, String usernameWithDomain) in c:\Builds\6\Idealink.Open.Pancanal\Panama Canal\Sources\Idealink.Open\Complete.Authentication\AuthenticationFactory.cs:93
这是很令人困惑,因为它似乎有些用户帐户的工作和别人不一样。然而,当我把上面的code在隔离的测试环境中它的每一次成功,无论哪个占我使用。当我把它放回在Windows 2008 R2服务器上的ASP.NET和IIS如上所述失败。该故障是一致的,但 - 帐户始终失败或成功,从这个角度来看,没有随机性
It is quite confusing as it seems that some user accounts work and others don't. However when I place the above code in an isolated test environment it does succeed each and every time regardless of which account I use. When I place it back on the Windows 2008 R2 Server with ASP.NET and IIS it fails as stated above. The failures are consistent though - accounts consistently fail or succeed, from that perspective there is no randomness.
LDAP服务器必须使用LDAPS和NOT LDAP这就是为什么我们不能使用DirectoryEntry对象访问 - LDAP服务器是由客户端进行控制,因此不能被重新配置或以任何方式改变。我们只是想获取一个网页表单上的用户名/密码,然后使用BIND的LDAP服务器上检查凭据。
The LDAP Server must be accessed using LDAPS and NOT LDAP which is why we cannot use the DirectoryEntry object - the LDAP server is controlled by a client and therefore cannot be reconfigured or altered in any way. We simply want to capture username/password on a web form and then use BIND on the LDAP server to check credentials.
我们使用的是.NET 3.5此时无法升级,所以我谨请,如果你的主要意见和论据比请暂缓你的贡献升级。
We are using .NET 3.5 and cannot upgrade at this time so I respectfully ask that if your main suggestion and arguments are to upgrade than please hold off on your contribution.
谢谢,希望你能帮助
推荐答案
请问这样的事情对你的工作..?
Would something like this work for you..?
const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"karell";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username);
下面是一个非常好的网站伟大的参考和示例
的DirectoryServices DirectoryEntry的
Here is a really good site for great references and examples DirectoryServices DirectoryEntry
通过SSL连接,你可以不喜欢以下
for Connection over SSL you could do something like the following
const int ldapInvalidCredentialsError = 0x31;
const string server = "your_domain.com:636";
const string domain = "your_domain.com";
try
{
using (var ldapSSLConn = new LdapConnection(server))
{
var networkCredential = new NetworkCredential(username, password, domain);
ldapSSLConn.SessionOptions.SecureSocketLayer = true;
ldapSSLConn.AuthType = AuthType.Negotiate;
ldapSSLConn.Bind(networkCredential);
}
// If the bind succeeds, the credentials are valid
return true;
}
catch (LdapException ldapEx)
{
// Invalid credentials a specific error code
if (ldapEx.ErrorCode.Equals(ldapInvalidCredentialsError))
{
return false;
}
throw;
}
无效的LDAP错误codeS 的MSDN列表
这篇关于错误0x80005000与LdapConnection和LDAPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
