ActiveDirectoryMembershipProvider - cannot use secure connectionProtection
I try to use ASP.Net's MembershipProvider to give access only to certain users. This is backed by an ADAM instance.
I use some test code which runs just fine:
    using System;
    using System.Data;
    using System.DirectoryServices;

    public static DataTable getADValuesByParameter(string strFilter, string strLDAPUser, string strLDAPPath, string strLDAPPWD, string strLDAPProperties)
    {
        DataTable dtExchangeUserData = new DataTable();
        // Requested attribute names, comma separated, e.g. "cn,mail,objectguid".
        string[] arrLDAP = strLDAPProperties.Split(new char[] { ',' });

        DirectoryEntry rootEntry = new DirectoryEntry();
        rootEntry.Path = strLDAPPath;
        rootEntry.Username = strLDAPUser;
        rootEntry.Password = strLDAPPWD;
        // Secure = Negotiate (Kerberos/NTLM) bind; the password is not sent in clear text.
        rootEntry.AuthenticationType = AuthenticationTypes.Secure;

        DirectorySearcher searcher = new DirectorySearcher();
        searcher.SearchRoot = rootEntry;
        searcher.SearchScope = SearchScope.Subtree;
        searcher.Filter = strFilter;
        searcher.PropertiesToLoad.AddRange(arrLDAP);
        //var value = rootEntry.NativeObject;

        // SearchResultCollection holds an unmanaged handle and must be disposed.
        using (SearchResultCollection results = searcher.FindAll())
        {
            foreach (SearchResult result in results)
            {
                if (result == null)
                    continue;
                int si = 0;
                // Count - 1 because the "adspath" property is always returned but is not copied.
                object[] arrKeyValue = new object[result.Properties.Count - 1];
                foreach (string requested in arrLDAP)
                {
                    // Property names in a SearchResult are lower case, so compare in lower case.
                    foreach (string Key in result.Properties.PropertyNames)
                    {
                        if (Key == "adspath")
                            continue;
                        if (!Key.Equals(requested.ToLower()))
                            continue;
                        if (dtExchangeUserData.Columns[Key] == null)
                            dtExchangeUserData.Columns.Add(Key);
                        if (Key.Equals("objectguid"))
                        {
                            // objectGUID comes back as a 16-byte array, not as a string.
                            arrKeyValue[si] = new Guid((byte[])result.Properties[Key][0]);
                        }
                        else
                        {
                            arrKeyValue[si] = result.Properties[Key][0].ToString();
                        }
                        si++;
                    }
                }
                if (arrKeyValue.Length > 0)
                    dtExchangeUserData.Rows.Add(arrKeyValue);
            }
        }

        rootEntry.Close();
        rootEntry.Dispose();
        // The table is handed back to the caller, so it is not disposed here.
        return dtExchangeUserData;
    }
Here I query ADAM manually. Although the code is badly written, it works. Note how I use "AuthenticationTypes.Secure".
Now, when I try to do the same thing (same connectionPath, username, password and so on) with the ActiveDirectoryMembershipProvider, it gives me (roughly translated from German):
ConfigurationErrorsException: Can't establish a secure connection over SSL.
This happens when I call Membership.ValidateUser().
Here are the relevant parts from the Web.config file:
    <connectionStrings>
        <add name="ADConnectionString" connectionString="LDAP://server.com/OU=users,DC=test,DC=adam"/>
    </connectionStrings>
    <authentication mode="Forms" >
        <forms loginUrl="~/Login.aspx/Test/" timeout="2880" />
    </authentication>
    <authorization>
        <deny users ="?" />
    </authorization>
    <!--<identity impersonate="true" />-->
    <trust level="Full" />
    <membership defaultProvider="MyMembershipProvider">
        <providers>
            <add name="MyMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="ADConnectionString"
                 connectionUsername="[domain]\[user]"
                 connectionPassword="[password]"
                 connectionProtection="Secure"
                 enableSearchMethods="true"
            />
        </providers>
    </membership>
It doesn't matter whether I use impersonation or not (to be honest, I don't really know what it does anyway). The trust level doesn't change anything either.
When I use connectionProtection="None" instead, it gives me (again translated) "Wrong username or password". I get the same error when I use "AuthenticationTypes.None" in the manual example.
What am I doing wrong?
Thanks for your time...
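The post compares two bind paths that behave differently: DirectoryEntry with AuthenticationTypes.Secure (a Negotiate bind with signing and sealing, no TLS involved) and the membership provider's connectionProtection="Secure", which against ADAM depends on an SSL channel, and connectionProtection="None", which amounts to a simple bind in clear text. The following diagnostic is an added example, not code from the original post: it probes an ADAM instance with each of those three bind flavours through System.DirectoryServices.Protocols and reports which ones the server accepts, so the choice of connectionProtection can be made from evidence. The host name, ports and credential below are placeholders and assumptions; substitute the ADAM host and the account the provider is configured with.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added diagnostic (not from the original post). Probes which LDAP bind
// flavours an ADAM / AD LDS instance accepts. Host, ports and credential
// are placeholders.
static class AdamBindProbe
{
    // Outcome of one probe: the mode tried and whether the bind succeeded.
    public sealed class ProbeResult
    {
        public string Mode;
        public bool Succeeded;
        public string Detail;
        public override string ToString() =>
            $"{Mode,-32} {(Succeeded ? "OK" : "FAILED")}  {Detail}";
    }

    // Opens a connection with the requested transport/auth combination and
    // forces a bind. LdapException is caught so that every mode is reported
    // in one run instead of stopping at the first failure.
    static ProbeResult TryBind(string host, int port, bool useSsl, AuthType auth,
                               NetworkCredential cred, string mode)
    {
        var id = new LdapDirectoryIdentifier(host, port);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            // Default certificate validation is kept on purpose: an LDAPS bind
            // that fails because the ADAM certificate is not trusted is a real
            // finding, and must not be hidden by a VerifyServerCertificate
            // callback that always returns true.
            conn.SessionOptions.SecureSocketLayer = useSsl;
            conn.AuthType = auth;
            try
            {
                conn.Bind(cred);
                return new ProbeResult { Mode = mode, Succeeded = true, Detail = "bind accepted" };
            }
            catch (LdapException ex)
            {
                return new ProbeResult
                {
                    Mode = mode,
                    Succeeded = false,
                    Detail = $"LDAP error {ex.ErrorCode}: {ex.Message}"
                };
            }
        }
    }

    static void Main()
    {
        // Placeholders (assumptions): the ADAM host and the account used as
        // connectionUsername / connectionPassword in Web.config.
        string host = "adam.example.test";
        var cred = new NetworkCredential("svc-membership@example.test", "placeholder-password");

        var results = new[]
        {
            // Channel the provider's connectionProtection="Secure" relies on
            // against ADAM: TLS on the LDAPS port (636 by default).
            TryBind(host, 636, useSsl: true,  auth: AuthType.Basic,     cred: cred, mode: "LDAPS + simple bind"),
            // Equivalent of DirectoryEntry with AuthenticationTypes.Secure:
            // Negotiate (Kerberos/NTLM) with signing and sealing, no TLS.
            TryBind(host, 389, useSsl: false, auth: AuthType.Negotiate, cred: cred, mode: "LDAP + Negotiate (sign/seal)"),
            // What connectionProtection="None" amounts to: the password
            // crosses the wire in clear text. Included only to make the
            // exposure visible; never use this mode in production.
            TryBind(host, 389, useSsl: false, auth: AuthType.Basic,     cred: cred, mode: "LDAP + simple bind (cleartext)"),
        };

        foreach (var r in results)
            Console.WriteLine(r);
    }
}
```

Read the output row by row. If the Negotiate row succeeds while the LDAPS row fails, the instance behaves like the post describes: the DirectorySearcher code works because it never needs TLS, while the provider in Secure mode cannot get the SSL channel it asks for. A failing LDAPS row most often means the ADAM instance has no server certificate bound to its SSL port or the web server does not trust the issuer; fixing that on the ADAM side, rather than switching to connectionProtection="None", is the change that keeps credentials off the wire in clear text.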