使用代理用户从 .NET 进行 LDAP 身份验证
我们希望使用“代理用户”连接到 LDAP 服务器(Active Directory、Novell 或其他),然后确保尝试登录应用程序的用户输入了可接受的用户名和密码。我已经获得了连接 LDAP 的代码,但我不知道如何检查用户名和密码。您可以通过 LDAP 查询来完成此操作吗?
到目前为止,这是我的代码的核心内容:
Public Function Authenticate(ByVal UserName As String, ByVal Password As String)
Dim LDAPServer As String = ConfigurationManager.AppSettings("LDAPServer")
Dim proxyUsername As String = ConfigurationManager.AppSettings("LDAPProxyUser")
Dim proxyPassword As String = ConfigurationManager.AppSettings("LDAPProxyPassword")
Dim entry As DirectoryEntry
entry = New DirectoryEntry(LDAPServer, proxyUsername, proxyPassword)
'This performs the LDAP authentication'
Dim obj As Object = entry.NativeObject
Dim search As New DirectorySearcher(entry)
search.Filter = String.Format("(SAMAccountName={0})", UserName)
'How do I check the password now?'
Dim result As SearchResult = search.FindOne()
If result Is Nothing Then Throw New Exception("Unable to find SAMAccountName")
We want to use a "proxy user" to connect to an LDAP server (Active Directory, Novell, or otherwise) and then make sure that the user trying to log into the application has typed in an acceptable user name and password. I have got the code for connecting to LDAP just fine, but I'm at a loss as to how to check the user name and password. Can you do this through an LDAP query?
Here's the guts of my code so far:
Public Function Authenticate(ByVal UserName As String, ByVal Password As String)
Dim LDAPServer As String = ConfigurationManager.AppSettings("LDAPServer")
Dim proxyUsername As String = ConfigurationManager.AppSettings("LDAPProxyUser")
Dim proxyPassword As String = ConfigurationManager.AppSettings("LDAPProxyPassword")
Dim entry As DirectoryEntry
entry = New DirectoryEntry(LDAPServer, proxyUsername, proxyPassword)
'This performs the LDAP authentication'
Dim obj As Object = entry.NativeObject
Dim search As New DirectorySearcher(entry)
search.Filter = String.Format("(SAMAccountName={0})", UserName)
'How do I check the password now?'
Dim result As SearchResult = search.FindOne()
If result Is Nothing Then Throw New Exception("Unable to find SAMAccountName")
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我过去使用的代码尝试使用提供的凭据绑定到 LDAP。如果对 bind 的调用引发异常,则说明您没有有效的用户:
The code I've used in the past tries to bind to the LDAP using the provided credentials. If the call to bind throws an exception, then you do not have a valid user:
我最终创建了另一个 DirectoryEntry,它是尝试进行身份验证的用户,如下所示:
如果这引发异常,则用户无法进行身份验证。
I ended up creating another DirectoryEntry which was the user who was trying to authenticate like this:
If this throws an exception, the user failed to authenticate.