活动目录 - 检查用户名/密码 [英] Active Directory - Check username / password
问题描述
我使用的是Windows Vista旗舰版SP1以下code来查询我们的活动目录服务器上的域检查用户的用户名和密码。
I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain.
public Object IsAuthenticated()
{
String domainAndUsername = strDomain + "\\" + strUser;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass);
SearchResult result;
try
{
//Bind to the native AdsObject to force authentication.
DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") };
search.PropertiesToLoad.Add("givenName"); // First Name
search.PropertiesToLoad.Add("sn"); // Last Name
search.PropertiesToLoad.Add("cn"); // Last Name
result = search.FindOne();
if (null == result)
{
return null;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
return new Exception("Error authenticating user. " + ex.Message);
}
return user;
}
目标是使用.NET 3.5,并用VS编译2008标准
the target is using .NET 3.5, and compiled with VS 2008 standard
我登录下是在哪里运行应用程序域管理员的域帐户。
I'm logged in under a domain account that is a domain admin where the application is running.
在code完美的作品在Windows XP上;但在Vista上运行时,我得到了以下异常:
The code works perfectly on windows XP; but i get the following exception when running it on Vista:
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
我试着改变身份验证类型,我不知道是怎么回事。
I've tried changing the authentication types, I'm not sure what's going on.
参见:<一href="http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory">http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory
推荐答案
如果您使用的是.NET 3.5使用本code来代替。
If you're using .net 3.5 use this code instead.
要验证用户的身份:
PrincipalContext adContext = new PrincipalContext(ContextType.Domain);
using (adContext)
{
return adContext.ValidateCredentials(UserName, Password);
}
如果你需要找到用户R / W属性对象做到这一点:
If you need to find the user to R/W attributes to the object do this:
PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal foundUser =
UserPrincipal.FindByIdentity(context, "jdoe");
这是使用System.DirectoryServices.AccountManagement命名空间,所以你需要将它添加到你使用的语句。
This is using the System.DirectoryServices.AccountManagement namespace so you'll need to add it to your using statements.
如果你需要一个UserPrincipal对象转换为DirectoryEntry对象的工作与传统的code,你可以这样做:
If you need to convert a UserPrincipal object to a DirectoryEntry object to work with legacy code you can do this:
DirectoryEntry userDE = (DirectoryEntry)foundUser.GetUnderlyingObject();
这篇关于活动目录 - 检查用户名/密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!