我正在尝试对Active Directory执行身份验证。
我点击了this链接。
我在Appsettings.json中具有如下AD设置。
"ldap": {
"url": "PC11.local",
"bindDn": "CN=PC11.local/users,OU=branch,DC=contoso,DC=PC11.local/users",
"bindCredentials": "mypassword",
"searchBase": "DC=contoso,DC=PC11.local/users",
"searchFilter": "(&(objectClass=users)(objectClass=person)(sAMAccountName={0}))",
"adminCn": "CN=Administrators,OU=branch,DC=contoso,DC=PC11.local/users"
}
按照上面的共享链接,我正在调用登录服务功能,并尝试使用以下代码连接到AD:
public LdapAuthenticationService(IOptions<LdapConfig> config)
{
_config = config.Value;
_connection = new LdapConnection
{
SecureSocketLayer = true
};
}
public AppUser Login(string username, string password)
{
try
{
_connection.Connect(_config.Url, LdapConnection.DEFAULT_SSL_PORT);
_connection.Bind(_config.BindDn, _config.BindCredentials);
var searchFilter = string.Format(_config.SearchFilter, username);
var result = _connection.Search(_config.SearchBase,
LdapConnection.SCOPE_SUB,
searchFilter,
new[] { MemberOfAttribute, DisplayNameAttribute, SAMAccountNameAttribute },
false);
var user = result.Next();
if (user != null)
{
}
}
catch(Exception ae)
{
throw new Exception("Login failed.");
}
_connection.Disconnect();
return null;
}
运行此代码时,出现此异常:
LdapException:无效的凭据(49)无效的凭据
LdapException:服务器消息:80090308:LdapErr:DSID-0C0903C8,注释:AcceptSecurityContext错误,数据52e,v2580