在开始之前,我已经访问了Unknown Error (0x80005000) with LDAPS Connection并更改了我的代码,虽然它确实解决了问题但似乎神秘地回来了。
这是好事:
public static bool Authenticate(string username, string password, string domain)
{
bool authentic = false;
try
{
LdapConnection con = new LdapConnection(
new LdapDirectoryIdentifier(Host, Port));
if (IsSSL)
{
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = ServerCallback;
}
con.Credential = new NetworkCredential(username, password);
con.AuthType = AuthType.Basic;
con.Bind();
authentic = true;
}
catch (LdapException)
{
return false;
}
catch (DirectoryServicesCOMException)
{ }
return authentic;
}
public static bool IsSSL
{
get
{
return ConnectionString.ToLower().Contains("ldaps");
}
}
public static string ConnectionString
{
get
{
if (string.IsNullOrEmpty(_connectionString))
_connectionString = CompleteConfiguration.GetLDAPConnectionString();
return _connectionString;
}
set { _connectionString = value; }
}
public static int Port
{
get
{
var x = new Uri(ConnectionString);
int port = 0;
if (x.Port != -1)
{
port = x.Port;
}
else
{
port = x.OriginalString.ToLower().Contains("ldaps")
? 636
: 389;
}
return port;
}
}
public static string Host
{
get
{
var x = new Uri(ConnectionString);
return x.Host;
}
}
private static bool ServerCallback(LdapConnection connection, X509Certificate certificate)
{
return true;
}
这是坏事: 当我尝试对应用程序进行身份验证时,我收到以下错误,确切地说,这是由con.Bind()行触发的:
[COMException(0x80005000):未知错误(0x80005000)] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+378094 System.DirectoryServices.DirectoryEntry.Bind()+36 System.DirectoryServices.DirectoryEntry.get_NativeObject()+31 在c:\ Builds \ 6 \ Idealink.Open.Pancanal \ Panama Canal \ Sources \ Idealink.Open \ Complete.Authentication \ GCAuthentication.cs中完成.Authentication.GCAuthentication.Authenticate(字符串用户名,字符串密码,字符串域) 在C:\ Builds \ 6 \ Idealink.Open.Pancanal \ Panama Canal \ Sources \ Idealink.Open \ Complete.Authentication \中的Complete.Authentication.AuthenticationFactory.ValidateUserLdap(String username,String password,String domain,Boolean isValid,String usernameWithDomain) AuthenticationFactory.cs:93
由于某些用户帐户似乎有效而其他用户帐户无效,因此非常令人困惑。但是,当我将上述代码放在一个独立的测试环境中时,无论我使用哪个帐户,它都会每次都成功。当我将它放回到带有ASP.NET和IIS的Windows 2008 R2服务器上时,它会失败,如上所述。但失败是一致的 - 账户一直失败或成功,从这个角度看,没有随机性。
必须使用LDAPS和NOT LDAP访问LDAP服务器,这就是我们无法使用DirectoryEntry对象的原因 - LDAP服务器由客户端控制,因此无法以任何方式重新配置或更改。我们只想在Web表单上捕获用户名/密码,然后在LDAP服务器上使用BIND来检查凭据。
我们正在使用.NET 3.5并且此时无法升级所以我恭敬地问,如果您的主要建议和论点要升级,请暂停您的贡献。
谢谢,希望你能帮忙
答案 0 :(得分:2)
这样的事情对你有用吗??
const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"karell";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username);
这是一个非常好的网站,可以提供很好的参考和示例 DirectoryServices DirectoryEntry
对于基于SSL的连接,您可以执行以下操作
const int ldapInvalidCredentialsError = 0x31;
const string server = "your_domain.com:636";
const string domain = "your_domain.com";
try
{
using (var ldapSSLConn = new LdapConnection(server))
{
var networkCredential = new NetworkCredential(username, password, domain);
ldapSSLConn.SessionOptions.SecureSocketLayer = true;
ldapSSLConn.AuthType = AuthType.Negotiate;
ldapSSLConn.Bind(networkCredential);
}
// If the bind succeeds, the credentials are valid
return true;
}
catch (LdapException ldapEx)
{
// Invalid credentials a specific error code
if (ldapEx.ErrorCode.Equals(ldapInvalidCredentialsError))
{
return false;
}
throw;
}