Active Directory - Check username / password


Question

I'm using the following code on Windows Vista Ultimate SP1 to query our Active Directory server to check the user name and password of a user on a domain.

public Object IsAuthenticated()
{
    String domainAndUsername = strDomain + "\\" + strUser;
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass);
    SearchResult result;
    try
    {
        // Bind to the native AdsObject to force authentication.
        DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") };

        search.PropertiesToLoad.Add("givenName"); // First Name
        search.PropertiesToLoad.Add("sn"); // Last Name
        search.PropertiesToLoad.Add("cn"); // Common Name

        result = search.FindOne();

        if (null == result)
        {
            return null;
        }

        //Update the new path to the user in the directory.
        _path = result.Path;
        _filterAttribute = (String)result.Properties["cn"][0];
    }
    catch (Exception ex)
    {
        return new Exception("Error authenticating user. " + ex.Message);
    }
    return user;
}

The target is using .NET 3.5, and compiled with VS 2008 Standard.

I'm logged in under a domain account that is a domain admin where the application is running.

The code works perfectly on Windows XP, but I get the following exception when running it on Vista:

System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()

I've tried changing the authentication types, I'm not sure what's going on.

See also: http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory

Recommended answer

If you're using .NET 3.5, use this code instead.

To authenticate a user:

PrincipalContext adContext = new PrincipalContext(ContextType.Domain);

using (adContext)
{
     return adContext.ValidateCredentials(UserName, Password);
}

If you need to find the user to R/W attributes to the object do this:

PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal foundUser = 
    UserPrincipal.FindByIdentity(context, "jdoe");

This is using the System.DirectoryServices.AccountManagement namespace so you'll need to add it to your using statements.

If you need to convert a UserPrincipal object to a DirectoryEntry object to work with legacy code you can do this:

DirectoryEntry userDE = (DirectoryEntry)foundUser.GetUnderlyingObject();
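
The credential check and the user lookup from the answer, combined into one method that returns the same name attributes the question's code loads. This is an added example, not code from the question or the answer. The type names AdUserInfo and AdAuthenticator and the domainName parameter are assumptions for illustration, and userName is assumed to be a bare sAMAccountName.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical result type for this example.
public sealed class AdUserInfo
{
    public string GivenName;
    public string Surname;
    public string Name;
}

public static class AdAuthenticator
{
    // Returns the user's name attributes when the domain accepts the
    // credentials, or null when they are rejected. domainName is supplied by
    // the caller (a placeholder such as "corp.example.com"). Directory errors
    // such as PrincipalServerDownException propagate to the caller instead of
    // being returned as a value.
    public static AdUserInfo Authenticate(string domainName, string userName, string password)
    {
        // Reject empty input before contacting the directory.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null;

        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName))
        {
            // Pin the bind to Negotiate with signing and sealing. A simple
            // bind without SSL would send the password in clear text.
            ContextOptions opts = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
            if (!ctx.ValidateCredentials(userName, password, opts))
                return null;

            // Look the account up by sAMAccountName through the API instead of
            // concatenating the name into an LDAP filter string.
            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            {
                if (user == null)
                    return null;
                AdUserInfo info = new AdUserInfo();
                info.GivenName = user.GivenName; // first name
                info.Surname = user.Surname;     // last name
                info.Name = user.Name;           // name of the directory object
                return info;
            }
        }
    }
}
```

The lookup runs under the identity of the calling process, so that account needs read access to the user object.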
