Authenticating ADAM users against ADAM from C# - cannot bind

Posted on 2024-07-21 06:08:57 · 1686 characters · 17 views · 0 comments

I have set up an ADAM instance and added some test users. From C# I can bind to ADAM using a Windows account but I cannot bind using one of the ADAM users. (I can successfully bind the ADAM users in ldp) & I have made sure the users are enabled by setting the msDS-UserAccountDisabled attribute to false.
When I bind with my Windows account I can successfully search & bring back properties for ADAM users, but I am still struggling to authenticate them. When I try to bind with an ADAM user account I get the error:

Error: System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

Here is the code I am using:

string userName = txtUserName.Text;
string password = txtPassword.Text;
string ADConnectionString = "LDAP://localhost:389/CN=sandbox,DC=ITOrg";
DirectoryEntry entry = new DirectoryEntry(ADConnectionString);

entry.Username = "myComputer\\Administrator";
entry.Password = "myPassword";
try
{
    DirectorySearcher searcher = new DirectorySearcher(entry);
    searcher.Filter = "(&(objectClass=user)(CN=" + userName + "))";
    SearchResultCollection result = searcher.FindAll();
    if (result.Count > 0)
    {
        //bind with simple bind
        using (DirectoryEntry de = new DirectoryEntry(result[0].Path, userName, password, AuthenticationTypes.None))
        {
            if (de.Guid != null) // this is the line where it dies
            {
                Label1.Text = "Successfully authenticated";
                Label2.Text = result[0].Properties["displayName"][0].ToString();
                Label3.Text = result[0].Properties["telephoneNumber"][0].ToString();
            }
            else
            {
                Label1.Text = "Unable to Authenticate";
            }
        }
    }
    else
    {
        Label1.Text = "UserName :" + userName + " not found";
    }
}
catch (Exception ex)
{
    Label1.Text = "Error searching: " + ex.ToString();
}

Thanks in advance for any help, much appreciated!


Comments (1)

护你周全 2024-07-28 06:08:57

It is probably a username format problem. When authenticating an ADAM user in SDS, you must use LDAP simple bind and use a name format supported by ADAM. ADAM technically allows you to use Digest auth as well, but that is not available in SDS (only SDS.Protocols), so that doesn't apply to your code approach.

You ARE using simple bind because you have AuthenticationTypes.None set so that part is ok. The part that is likely wrong then is the username format.

ADAM accepts the user's full DN, their displayName (if set and unique) and/or the userPrincipalName (if set and unique) as a "bindable" username, so start with the full DN of the user and see if that works. If so, you can try the other user name values as well. Note that you can put whatever you want for displayName or userPrincipalName in ADAM. There is no validation. Just make sure the values are unique.

If you really want to do some type of bind authentication thing against ADAM, you'll get better perf and scale by using the ValidateCredentials method of PrincipalContext in .NET 3.5.

This kind of stuff is documented and discussed in the forums over at http://www.directoryprogramming.net all the time and is a place I frequent much more often since it is my site. :) A friend tipped me off to this post or I would have never seen it.
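
The approach described in the answer above, sketched as an added example (not code from the question or the answer): look up the user's full DN, then validate the password by simple bind with `PrincipalContext.ValidateCredentials`. The class and method names are hypothetical, and it assumes the search runs under the process's Windows identity and that users are located by `cn` as in the question.

```csharp
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class AdamLogin // hypothetical helper, not part of any library
{
    // Server and partition taken from the question's connection string.
    const string Server = "localhost:389";
    const string Partition = "CN=sandbox,DC=ITOrg";

    // Escape filter metacharacters (RFC 4515) so user input cannot alter the search filter.
    static string EscapeFilter(string s)
    {
        var sb = new StringBuilder();
        foreach (char c in s)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    public static bool Authenticate(string userName, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind and can succeed.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        string dn;
        using (var root = new DirectoryEntry("LDAP://" + Server + "/" + Partition))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectClass=user)(cn=" + EscapeFilter(userName) + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult hit = searcher.FindOne();
            if (hit == null) return false;
            dn = (string)hit.Properties["distinguishedName"][0];
        }

        using (var ctx = new PrincipalContext(ContextType.ApplicationDirectory, Server, Partition))
        {
            // SimpleBind sends the password in clear text on a plain LDAP port; on an
            // LDAPS port combine it with ContextOptions.SecureSocketLayer.
            return ctx.ValidateCredentials(dn, password, ContextOptions.SimpleBind);
        }
    }
}
```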
