ASP.Net Webforms 上的 LDAPS 与 ActiveDirectoryMembershipProvider

发布于 2024-08-18 09:44:34 字数 462 浏览 9 评论 0 原文

我已将 ActiveDirectoryMembershipProvider 连接保护属性设置为安全,根据 MSDN 文档指出,当设置为安全时,以下内容成立:

“ActiveDirectoryMembershipProvider 类将尝试使用 SSL 连接到 Active Directory。如果 SSL 失败,则第二次尝试连接到如果两次尝试都失败,Active Directory 将抛出 ProviderException 异常。

该代码有效,并且可以针对 LDAP 进行查询,但让我有点困惑的一个问题是我的连接字符串以 LDAP 而不是 LDAPS 为前缀。将此更改为 LDAPS 会导致以下错误: “解析器错误消息:对 COM 组件的调用已返回错误 HRESULT E_FAIL。”

这里发生了什么?在连接字符串只是 LDAP 的第一个实例中,是否使用了 SSL?文档指出,如果不是,则应抛出异常。如果不是,那么在这种情况下导致此错误的可能原因是什么?

I have set the ActiveDirectoryMembershipProvider connectionProtection attribute to secure, according to MSDN documentation states that when this is set to secure the following holds:

"The ActiveDirectoryMembershipProvider class will attempt to connect to Active Directory using SSL. If SSL fails, a second attempt to connect to Active Directory using sign-and-seal will be made. If both attempts fail, the ActiveDirectoryMembershipProvider instance will throw a ProviderException exception."

The code works and queries can be made against the LDAP but one issue that has me a little confused is that my connection string is prefixed with LDAP and not LDAPS. Changing this to LDAPS results in the following error:
"Parser Error Message: Error HRESULT E_FAIL has been returned from a call to a COM component."

What is happening here? In the first instance where the connection string is simply LDAP is SSL being used? The documentation indicates that if it is not, an exception should be thrown. If not, then what would be the likely cause for this error in this context?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

耳钉梦 2024-08-25 09:44:34

据我所知,所有 LDAP DN(专有名称)始终只有 LDAP 前缀 - 无论它们是否通过安全链接。安全方面通常通过正在使用的服务器上的端口来显示,389 是非安全的默认端口,636 是安全通信的默认端口。

但 LDAP 专有名称的规范确实没有 LDAPS 前缀。几年前,我做了很多 LDAP 工作,我确实记得必须处理不同的端口以进行可信或安全的通信,但我从来没有拥有过除了 LDAP 之外的完全合格的 LDAP 路径。 :// 前缀(也区分大小写!)。

As far as I know, all the LDAP DN's (distinguished names) always have an LDAP only prefix - whether they're over a secure link or not. The secure aspect typically shows up by means of the port on the server being used, 389 being the default for non-secure, and 636 being the default for a secure communication.

But the spec of the LDAP distinguished names doesn't have a LDAPS prefix, really. I've done a lot of LDAP work a few years ago, and I do remember having to deal with different ports for trusted or secured communications, but I never once had a full-qualified LDAP path have anything else but an LDAP:// prefix (case sensitive, too!).

野鹿林 2024-08-25 09:44:34

LDAP:// 前缀同时用于明文连接和 SSL 连接,要检查通信是否确实在 SSL 下,请尝试此博客条目 步骤 3 .no/blog/?blogid=7" rel="nofollow noreferrer">http://erlend.oftedal.no/blog/?blogid=7

The LDAP:// prefix is used both for clear and SSL connections, to check whether the communication is indeed under SSL try step 3 of this blog entry http://erlend.oftedal.no/blog/?blogid=7

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文