跨域Active Directory验证 [英] Cross Domain Active Directory Authentication

问题描述

我们有不同的AD网域运行一个网站，那么，我们需要使用的身份验证。至于原因，我不会去，我们不能让他们之间的信任。

We have a website running on a different AD domian then we need to authenticate with. For reasons I will not go into, we can not allow a trust between them.

因此​​，我们有：

Rackspace.Domain
SuperDuperEnterpriseDomain

Rackspace.Domain
SuperDuperEnterpriseDomain

该网站是在根据他们的域名Rackspace的运行，我们需要确保他们的身份验证

The website is running at rackspace under their domain and we need to be sure they are authenticated on

有没有办法在C＃来检查用户是否存在另一个域？如果是的话怎么样？

Is there a way to in C# to check to see if a user exists on another domain? If so how?

推荐答案

假设你得到一个SuperDuperEnterpriseDomain的用户名和密码，使用的 DsBindWithCred 。注意，这个函数将失败，拒绝访问，即使凭据是技术上有效，如该帐户被锁定。既然你没有加入到目标域，您将无法调用LogonUser以获得为什么凭证无效更精细的细节。

Assuming that you are getting a SuperDuperEnterpriseDomain's username and password, use DsBindWithCred. Note that this function fails with Access Denied even when the credentials are technically valid, such as the account being locked out. Since you are not joined to the target domain, you won't be able to call LogonUser to get finer details on why the credentials are invalid.

有关code，看到我的回答另一个问题。你可以用普通的字符串替换SecureString的的，如果你不介意的安全隐患。

For code, see my answer to another question. You can replace the SecureString's with regular strings if you don't mind the security implications.

这篇关于跨域Active Directory验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！