使用PrincipalContext.ValidateUser时的性能问题
我正在使用此处讨论的解决方案根据我的 ASP.NET Web 应用程序中的活动目录对用户进行身份验证。我编写了一个简单的 ADMembershipProvider 类,它与 FormsAuthentication 一起使用。在本地运行项目时工作正常,但当部署到网络中的服务器时,ValidateUser 调用需要很长时间(大约 20 秒)。
//Assumes using System.DirectoryServices.AccountManagement
public override bool ValidateUser(string username, string password) {
using (var context = new PrincipalContext(ContextType.Domain)) {
return context.ValidateCredentials(username, password);
}
}
我尝试添加名称和容器参数,如msdn 到PrincipalContext构造函数,但这些参数似乎没有任何效果。
using (var context = new PrincipalContext(ContextType.Domain, "MyDomain", "OU=MyCompany,DC=some,DC=stuff")) {
return context.ValidateCredentials(username, password);
}
我们的网络中至少有两台不同的服务器上有同样的问题。服务器连接到 AD 并运行操作系统 Windows Server 2003 SP2 (IIS6)
我的一个想法是,该问题可能与我们的域对其他域有一定的信任这一事实有关,并且它们在验证域时以某种方式参与其中。用户。但是,我们尝试验证的用户仅存在于“我们的”AD 中。
I am using the solution discussed here to authenticate users against the active directory in my ASP.NET web application. I've written a simple ADMembershipProvider class thas is used together with FormsAuthentication. Works fine when running the project locally but when deployed to a server in the network, the ValidateUser call takes really long time (approx 20s).
//Assumes using System.DirectoryServices.AccountManagement
public override bool ValidateUser(string username, string password) {
using (var context = new PrincipalContext(ContextType.Domain)) {
return context.ValidateCredentials(username, password);
}
}
I tried to add name and container parameters as documented on msdn to the PrincipalContext constructor, but these parameters doesn't seem to have any effect whatsoever.
using (var context = new PrincipalContext(ContextType.Domain, "MyDomain", "OU=MyCompany,DC=some,DC=stuff")) {
return context.ValidateCredentials(username, password);
}
We have the same problem on at least two different servers in our network. The servers are connected to the AD and running OS Windows server 2003 SP2 (IIS6)
One idea I had was that the issue might be connected to the fact that our domain has some trusts to other domains, and that they are somehow involved when validating the user. However, the users we are trying to validate exists exclusively in "our" AD.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
遇到此问题,必须使用 ValidateCredentials(string, string, ContextOptions) 方法传递正确的枚举组合以访问环境中的 ActiveDirectory 连接。
Hit this issue and had to use
ValidateCredentials(string, string, ContextOptions)method to pass in proper enum combination to access our ActiveDirectory connection in our environment.