Active Directory 帐户在第一次尝试时被锁定

发布于 2024-09-08 11:53:21 字数 1208 浏览 6 评论 0原文

我有一个网站,要求用户输入其公司网络用户名和密码。然后,它在 Active Directory 中查找该帐户并获取与该帐户关联的所有电子邮件地址的列表。

我遇到的问题是一个错误的密码会锁定帐户。我们的域政策是,帐户在三次错误输入后将被锁定,因此我假设我在代码中做错了什么。一般来说,我对 Active Directory 或 .NET DirectoryServices 不太了解,这一点从我的代码中可能显而易见。这里是:

public ArrayList AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
    // An error occurs if the username/password combo does not exist.
    // That is how we know it is not a valid entry.
    try
    {
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, UserName, Password);
        object nativeObject = entry.NativeObject;
        ArrayList emails = new ArrayList();
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.Filter = "samaccountname=" + UserName;
        ds.PropertiesToLoad.Add("mail");
        SearchResult sr = ds.FindOne();
        if (sr.Properties["mail"] != null)
        {
            for (int email = 0; email < sr.Properties["mail"].Count; email++)
            {
                emails.Add(sr.Properties["mail"][email]);
            }
        }
        return emails;
    }
    catch (DirectoryServicesCOMException) { throw; }
    catch (Exception) { throw; }
}

I have a website which requires users to enter their corporate network username and password. It then looks for that account in Active Directory and gets a list of any email addresses associated with that account.

The problem I am having is that ONE incorrect password is locking out an account. Our domain policy is that an account will lock out after three incorrect entries, so I am assuming that I am doing something wrong in my code. I am not very knowledgeable about Active Directory or .NET DirectoryServices in general, which may be apparent from my code. Here it is:

public ArrayList AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
    // An error occurs if the username/password combo does not exist.
    // That is how we know it is not a valid entry.
    try
    {
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, UserName, Password);
        object nativeObject = entry.NativeObject;
        ArrayList emails = new ArrayList();
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.Filter = "samaccountname=" + UserName;
        ds.PropertiesToLoad.Add("mail");
        SearchResult sr = ds.FindOne();
        if (sr.Properties["mail"] != null)
        {
            for (int email = 0; email < sr.Properties["mail"].Count; email++)
            {
                emails.Add(sr.Properties["mail"][email]);
            }
        }
        return emails;
    }
    catch (DirectoryServicesCOMException) { throw; }
    catch (Exception) { throw; }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦在夏天 2024-09-15 11:53:21

我做了一些搜索并找到了一些代码(感谢 Ayende Rahien 的解决方案)来使用它仅进行身份验证,不搜索电子邮件或其他任何内容。我在其他功能之前使用它,它似乎工作正常。我猜测我的其他代码多次点击 AD - 至少 3 次 - 这导致了锁定。这是我现在用来进行身份验证的代码:

    private bool Authenticate(string domain, string user, string password)
{
    try
    {
        using (DirectoryEntry de = new DirectoryEntry("LDAP://" + domain,
                                              user, password))
        {
            return de.NativeObject != null;
        }
    }
    catch
    {
        return false;
    }
}

I did some searching and found some code (thanks to Ayende Rahien for the solution) to use that just authenticates and doesn't search for emails or anything else. I am using this prior to the other function, and it seems to be working fine. I am guessing that my other code is hitting AD more than once - at least 3 times - which is resulting in the lockout. Here is the code I am using now to just authenticate:

    private bool Authenticate(string domain, string user, string password)
{
    try
    {
        using (DirectoryEntry de = new DirectoryEntry("LDAP://" + domain,
                                              user, password))
        {
            return de.NativeObject != null;
        }
    }
    catch
    {
        return false;
    }
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文