如何在 System.DirectoryServices 中的调用之间保留连接凭据?
我正在尝试连接到不同林中的 Active Directory 域 (W2K8R2 DC)。为此,我将凭据传递到以下 DirectoryEntry 构造函数中:
DirectoryEntry(string path, string username, string password, AuthenticationTypes authenticationType)
这一切都很好。不过,我想要做的是以某种方式保留连接,并在对 AD 的所有调用中重复使用它,这样我就不需要重复传递凭据。这有可能吗?
谢谢!
I am trying to connect to an Active Directory domain (W2K8R2 DC) in a different forest. To that end, I pass the credentials into the following DirectoryEntry constructor:
DirectoryEntry(string path, string username, string password, AuthenticationTypes authenticationType)
This is all good and well. What I would like to do though is retain the connection somehow and reuse it through all my calls to the AD so that I do not need to pass the credentials repeatedly. Is this possible somehow?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您希望在连接级别进行控制,我建议您使用 System.DirectoryServices。协议。您可以重复使用 LDAP 连接来进行不同的 LDAP 查询。然而,编程范式与
DirectoryEntry有很大不同,如果您需要使用
DirectoryEntry,则必须将用户名和密码存储在某处,然后将它们传递给所有DirectoryEntry对象。我要做的就是编写一个方法GetDirectoryEntry(string dn)并让该方法使用正确的用户名和密码为我创建DirectoryEntry。这看起来不太优雅,但并没有做错什么。如果您希望密码以纯文本形式存储在内存中,请使用 SecureString< /a> 存储密码。这没有什么问题,因为
DirectoryEntry正在维护自己的 LDAP 连接池。如果您有多个具有相同用户名和密码的DirectoryEntry,它将足够智能地共享 LDAP 连接。它基本上与持有单个 LDAP 连接并执行不同的 LDAP 查询相同。它不会针对每个DirectoryEntry对象重新向 LDAP 服务器进行身份验证如果您不喜欢依赖
DirectoryEntry的黑盒功能,请使用以下建议的解决方法可能会让你感觉好一点。您只需使用用户名和密码绑定到根对象即可。然后,您可以将根对象保留为静态变量或任何您喜欢的变量。然后,您可以通过将
SearchRoot设置为根对象来执行 LDAP 查询,从而获得另一个DirectoryEntry对象。返回的DirectoryEntry仍将使用 root 的用户名和密码。同样,这并不比简单地将用户名和密码传递给DirectoryEntry更好。事实上,从性能角度来看,情况更糟,因为我们需要再执行一次 LDAP 查询来获取DirectoryEntryIf you want the control at the connection level, I recommend you to use System.DirectoryServices.Protocol. You can reuse your LDAP connection to make different LDAP queries. However, the programming paradigm is very different from
DirectoryEntryIf you need to use
DirectoryEntry, you have to store the username and password somewhere and then pass them to all theDirectoryEntryobjects. What I would do is to write a methodGetDirectoryEntry(string dn)and have this method create theDirectoryEntryfor me with the correct username and password. This doesn't look elegant but it doesn't do anything wrong. If you care password being stored in memory in plain text, use SecureString to store the password.This is nothing wrong because
DirectoryEntryis maintaining its own LDAP connection pool. If you have multipleDirectoryEntrywith the same username and password, it will be smart enough to share the LDAP connection. It's basically the same as holding a single LDAP connection and doing different LDAP queries. It's not going to re-authenticate to LDAP server for each of theDirectoryEntryobjectsIf you don't like to rely on the black box feature from
DirectoryEntry, the following suggested workaround may make you feel better.You just need to bind to a root object with username and password. Then, you can keep the root object as a static variable or whatever you like. Then, you get another
DirectoryEntryobject by doing a LDAP query with theSearchRootset to your root object. The returnedDirectoryEntrywill still use the username and password from root. Again, this is not doing anything better than simply passing in username and password toDirectoryEntry. Indeed, performance-wise, it's worse because we need to do one more LDAP query to get theDirectoryEntry