Here is how I got the number of failed AD login attempts in my application's old WebForms login:
[Authentication.cs]
using System.DirectoryServices.AccountManagement;

// Validate the credentials against the domain.
var pc = new PrincipalContext(ContextType.Domain, "blahnet.blahad.com", "dc=blahnet,dc=blahad,dc=org");
bool validated = pc.ValidateCredentials(username, password, ContextOptions.Negotiate);
// Look up the user by sAMAccountName and read its bad-logon counter.
var ADElement = IdentityType.SamAccountName;
var up = UserPrincipal.FindByIdentity(pc, ADElement, username);
int numberOfFailedLoginAttempts = up.BadLogonCount;
Here is what I currently have for authentication in my new MVC 5 login application.
[In web.config]
<system.web>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="SamAccountName" />
</providers>
</membership>
</system.web>
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://blahnet.blahad.com:389/DC=blahnet,DC=blahad,DC=com" />
</connectionStrings>
[AccountController.cs]
bool validated = Membership.ValidateUser(model.UserName, model.Password);
With this new approach, how do I get the number of failed AD login attempts, as in the attempt above?
Any help is much appreciated.
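Answer 0: (score: 1)
The Membership class is generic. To get AD-specific attributes of an account, I guess you still need to use a UserPrincipal instance for that account. By the way, if possible, you could also use a product such as ManageEngine's Active Directory audit: http://www.manageengine.com/products/active-directory-audit/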
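The approach the answer describes, as an added example that is not part of the original question or answer: keep `Membership.ValidateUser` for the credential check and read the AD counter through `UserPrincipal`. The names `AdLoginResult` and `AdLogin` are hypothetical; the domain and container are the values from the question's web.config, and the lookup is assumed to run under an identity that can read the directory.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Web.Security;

// Added example; AdLoginResult and AdLogin are hypothetical names.
public sealed class AdLoginResult
{
    public bool Validated { get; set; }
    public int? BadLogonCount { get; set; }   // null when the account was not found
    public bool LockedOut { get; set; }
}

public static class AdLogin
{
    // Domain and container as shown in the question's web.config.
    private const string Domain = "blahnet.blahad.com";
    private const string Container = "DC=blahnet,DC=blahad,DC=com";

    public static AdLoginResult Validate(string userName, string password)
    {
        var result = new AdLoginResult
        {
            // Same call as the MVC 5 AccountController in the question.
            Validated = Membership.ValidateUser(userName, password)
        };

        // Membership exposes no AD attributes, so read them through UserPrincipal.
        using (var pc = new PrincipalContext(ContextType.Domain, Domain, Container))
        using (var up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName))
        {
            if (up == null) return result;    // unknown user: no counter to report

            // BadLogonCount reads badPwdCount, which each domain controller keeps
            // locally and does not replicate, so this is the count on the DC
            // that answered the query, not a domain-wide total.
            result.BadLogonCount = up.BadLogonCount;
            result.LockedOut = up.IsAccountLockedOut();
        }
        return result;
    }
}
```

Because badPwdCount is reset by a successful logon, the counter is mainly informative when `Validated` is false. Log it server-side rather than returning it to the login page, so the response does not reveal whether an account exists.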