我有一个Windows应用程序,它尝试使用以下代码验证Active Directory上的用户/密码。
PrincipalContext^ pc = gcnew PrincipalContext(ContextType::Domain);
// validate the credentials
bool isValid = pc->ValidateCredentials(userName, password);
if(!isValid)
{
throw gcnew SecurityTokenValidationException("Invalid user ID / password");
}
UserPrincipal^ upUser = UserPrincipal::FindByIdentity(pc, userName);
if(upUser && !upUser->IsMemberOf(pc, IdentityType::SamAccountName, ADGroup))
{
String^ msg = "User " + userName + " is not a member of the " + ADGroup + " group.";
throw gcnew SecurityTokenValidationException(msg);
}
在Visual Studio 2008 / .NET 3.5 / 32位构建下运行此代码时,如果我提供有效用户但密码无效,则ValidateCredentials()将返回false。
使用Visual Studio 2013 / .NET 4.0 / 64位构建,完全相同的代码抛出LdapException:
System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at System.DirectoryServices.AccountManagement.CredentialValidator.lockedLdapBind(LdapConnection current, NetworkCredential creds, ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.BindLdap(NetworkCredential creds, ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)
at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)
at soapcon.ADUserNameValidator.Validate(String userName, String password)
如果我将我的电脑与网络断开连接,我会收到PrincipalServerDownException例外情况,所以我很确定我实际上正在与我们的AD服务器通话。
这是我的代码问题,.NET的一个问题,还是可能是由于我们过于陈旧的Active Directory服务设置(Windows 2000)?
答案 0 :(得分:1)
我想知道不同的框架是否会使用不同的默认身份验证选项,您是否可以在两种情况下尝试threshold / 3重载?
根据评论,请在重载中尝试此.ValidateCredentials (String, String, ContextOptions)标志:
ContextOptions