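Unable to authenticate ASP.NET users against Active Directory

Time: 2013-03-15 18:56:25

Tags: c# asp.net ldap iis-7.5

I replaced our domain name with "demo"... please ignore the missing commas, as shown in the images below.

My problem is as follows:

I want to authenticate SBSUsers in an ASP.NET web application. I can't figure out what my Active Directory path needs to be to make it work...

When I set it up as follows, it fails to authenticate (I assume because my users are not under that path)... but it doesn't give me an error: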

string adPath = "LDAP://ac-dc01.demo.local:389/CN=Configuration,DC=demo,DC=local";
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(adPath, domainAndUsername, pwd);
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
    return false;
}
// Update the new path to the user in the directory
adPath = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];

When I set it to what I think it should be, it errors on the entry.NativeObject line.

string adPath = "ldap://ac-dc01.demo.local:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=demo,DC=local";

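Any ideas? Do I need to open it up for "global" access somehow? If so, how would I do that?

[Image: LDAP]

I was able to connect successfully using another piece of software...

[Image: LDAP]

2 answers:

Answer 0: (score: 1)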

This is how we connect to AD, and it works well:

<yourConfig>LDAP://ADServerName/OU=GROUPNAME,DC=domainName,DC=com</yourConfig>

Here is sample code for how to validate a user:

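// Requires a reference to System.DirectoryServices.AccountManagement.
// domainName, adContainer, adServiceName, adPassword and userNameToValidate are
// placeholder variables for the values described in the comments.
using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain,
                                                            domainName,      // enter your domain name
                                                            adContainer,     // this is where the config that I mentioned above comes in
                                                            ContextOptions.Negotiate,
                                                            adServiceName,   // enter your AD service name
                                                            adPassword))     // enter your AD password
{
    // userNameToValidate: the username that you want to validate
    UserPrincipal oUser = UserPrincipal.FindByIdentity(oPrincipalContext, userNameToValidate);
    if (oUser != null)
    {
        oADAcct = new CUserADAcct();
        oADAcct.dumpAcctAttrs(oUser);
    }
}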

Answer 1: (score: 1)

Here is something you can try... also, are you sure about your DC=Demo and DC=Local? Those look like OUs to me.

const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"someusername";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, Username);
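
The bind-and-search check from the question, as an added example that is not part of the original question or either answer: it escapes the username before it goes into the LDAP filter and separates a logon failure from a configuration error. The class name AdAuth and the helper EscapeLdapFilter are hypothetical; the OU path is copied from the question and assumed to match the directory.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

public static class AdAuth // hypothetical class name
{
    // Escape the RFC 4515 special characters so user input cannot change the filter's structure.
    public static string EscapeLdapFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True only if the bind succeeds AND the account exists under the search root.
    public static bool IsAuthenticated(string domain, string username, string pwd)
    {
        // The ADSI provider moniker is case-sensitive: "LDAP://", not "ldap://".
        // Path taken from the question (assumed correct for that directory).
        const string adPath = "LDAP://ac-dc01.demo.local:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=demo,DC=local";
        try
        {
            using (var entry = new DirectoryEntry(adPath, domain + @"\" + username, pwd, AuthenticationTypes.Secure))
            using (var search = new DirectorySearcher(entry))
            {
                object native = entry.NativeObject; // forces the bind with the supplied credentials
                search.Filter = "(sAMAccountName=" + EscapeLdapFilter(username) + ")";
                search.PropertiesToLoad.Add("cn");
                return search.FindOne() != null;
            }
        }
        // 0x8007052E = ERROR_LOGON_FAILURE; any other COM error (bad path, unreachable server) propagates.
        catch (COMException ex) when (ex.ErrorCode == unchecked((int)0x8007052E))
        {
            return false;
        }
    }
}
```

Letting every error other than the logon failure propagate keeps a wrong path or an unreachable server from looking like a rejected password.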