Getting groups from Active Directory using C#
I am having issues getting the groups from Active Directory via System.DirectoryServices.
Originally I started my application on a computer that was registered on the domain, but as it was a live domain I did not want to do any writes to AD whatsoever, so I set up a machine with Windows XP as the host operating system, and installed Windows Server 2003 on a VM.
I've added another Ethernet port in the machine and set up a switch, the 1 Ethernet port is dedicated to the VM and the other port is used for the host.
After configuring the IP addresses to get them communicating I transferred my application onto the host machine and fired it up, but I was getting a DirectoryServicesCOMException, with the message that the user name and password were invalid :( Just to check that it was not Active Directory I created a 3rd virtual machine and installed Windows XP, which I added to the domain with the credentials tested in the app; works a treat.
So I thought it must be because the machine where the application is running is not part of the domain.
Here's the block of code that was causing the issue:
    public CredentialValidation(String Domain, String Username, String Password, Boolean Secure)
    {
        //Validate the Domain!
        try
        {
            PrincipalContext Context = new PrincipalContext(ContextType.Domain, Domain); //Throws Exception
            _IsValidDomain = true;
            //Test the user login
            _IsValidLogin = Context.ValidateCredentials(Username, Password);
            //Check the Group Admin is within this user
            //******HERE
            var Results = UserPrincipal.FindByIdentity(Context, Username).GetGroups(Context);
            foreach(Principal Result in Results)
            {
                if (Result.SamAccountName == "Domain Admins")
                {
                    _IsAdminGroup = true;
                    break;
                }
            }
            Results.Dispose();
            Context.Dispose();
        }
        catch (PrincipalServerDownException)
        {
            _IsValidDomain = false;
        }
    }
The information in the login dialogue is being entered like so:
Domain: test.internal
Username: testaccount
Password: Password01
Hope someone can shed some light in this error.
Update:
After checking the Security Logs on the server I can see that my login attempts were successful, but this is down to:
_IsValidLogin = Context.ValidateCredentials(Username, Password);
The line after, where I'm checking the groups, is causing the error, so the main issue is that the lines of code below are not working correctly from a machine that's not joined to the network:
var Results = UserPrincipal.FindByIdentity(Context, Username).GetGroups(Context);
Comments (2)
I used to do quite a bit of user management via C# .NET. I just dug up some methods you can try.
The following two methods will get a DirectoryEntry object for a given SAM account name. It takes a DirectoryEntry that is the root of the OU you want to start searching for the account at.
The other will give you a list of distinguished names of the groups the user is a member of. You can then use those DNs to search AD and get a DirectoryEntry object.
According to your code snippet, you're failing when you attempt to create the PrincipalContext, before calling ValidateCredentials. At that point the thread running your code is still working under either a local identity (if you're in a web process) or the identity you signed onto your machine with (for a windows process). Either of these won't exist on the test.internal domain.
You might want to try the overload of PrincipalContext that includes the username and password in the constructor. See http://msdn.microsoft.com/en-us/library/bb341016.aspx
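
The overload suggested in the answer above, sketched as an added example that is not part of the original posts. The class and method names are hypothetical; it checks direct membership only, compares the group's well-known SID instead of its display name, and fails closed when the user cannot be found or the domain controller is unreachable.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper (not from the thread). Call it with the values typed into
// the login dialogue, e.g. domain "test.internal" and user "testaccount".
public static class DomainAdminCheck
{
    // True only if the credentials validate AND the account is a direct
    // member of Domain Admins. Every failure path returns false.
    public static bool IsDomainAdmin(string domain, string username, string password)
    {
        try
        {
            // Bind with explicit credentials so directory queries do not run
            // under the local identity of a machine that is not in the domain.
            using (var context = new PrincipalContext(ContextType.Domain, domain, username, password))
            {
                if (!context.ValidateCredentials(username, password))
                    return false;

                using (var user = UserPrincipal.FindByIdentity(
                           context, IdentityType.SamAccountName, username))
                {
                    if (user == null)
                        return false; // FindByIdentity returns null when nothing matches

                    using (var groups = user.GetGroups())
                    {
                        foreach (Principal group in groups)
                        {
                            // Match on the Domain Admins RID (512); a group
                            // name can be renamed or localized, the SID cannot.
                            if (group.Sid != null &&
                                group.Sid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid))
                                return true;
                        }
                    }
                }
            }
        }
        catch (PrincipalServerDownException)
        {
            return false; // domain controller unreachable: treat as not admin
        }
        return false;
    }
}
```

GetGroups() returns only the groups the user belongs to directly; membership gained through nested groups would need GetAuthorizationGroups() instead.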