我正在尝试使用LDAP验证用户
我正在使用此代码:
public bool IsAuthenticated(string domain, string username, string pwd)
{
DirectoryEntry nRoot = new DirectoryEntry("LDAP://192.134.1.142/dc=testDomain,dc=com");
nRoot.AuthenticationType = AuthenticationTypes.None;
nRoot.Username = "uid=username,dc=testDomain,DC=com"; //full dn
nRoot.Password = "pwd";
try
{
//Bind to the native AdsObject to force authentication.
Object obj = nRoot.NativeObject;
DirectorySearcher search = new DirectorySearcher(nRoot);
search.SearchScope = SearchScope.Subtree;
search.Filter = "uid=username";
search.PropertiesToLoad.Add("uid");
SearchResult sr = search.FindOne();
if(null == sr )
{
return false;
}
// Update the new path to the user in the directory
_path = sr.Path;
_filterAttribute = (String)result.Properties["uid"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
此处如果用户不是任何OU的一部分,则代码运行正常,但如果它是OU的一部分,则无法正常工作,并且出现错误
System.Runtime.InteropServices.COMException 在
//绑定到本机AdsObject以强制进行身份验证。 Object obj = nRoot.NativeObject;
如何让用户验证属于OU或任何其他组?
我尝试对OU进行硬编码并且它有效,但我不能要求用户输入他的OU
nRoot.Username = "uid=username,ou=test,dc=testDomain,DC=com"; //full dn
答案 0 :(得分:1)
string ldapsrv = "mydomain.com:389";
string dc_oq = "OU=domain_app_auth,DC=domain,DC=uk,DC=com";//,
user_nme = "username";
pws = "password";
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapsrv, dc_oq, ContextOptions.Negotiate | ContextOptions.Negotiate))
{
isValid = pc.ValidateCredentials(user_nme, pws);
}
答案 1 :(得分:0)
您需要获取用户名,找到其uid = username的对象,然后读取distinguishedName属性或返回对象的名称(将是完整DN)并使用该已发现的完整DN登录。< / p>