Authentication types when switching from System.DirectoryServices to DirectoryServices.Protocols
I need to know the equivalent AuthType values from AuthenticationTypes to migrate from S.DS to S.DS.P code.
I am rewriting an LDAP connection module that currently uses the System.DirectoryServices namespace. To increase compatibility with non-ActiveDirectory servers, I am trying to rewrite all of the code to use System.DirectoryServices.Protocols (as per the suggestion in "The .NET Developer's Guide to Directory Services Programming"). Everything is going smoothly except for the transition between using the AuthenticationTypes enumeration to the AuthType one used by SD.Protocols. I need to know the equivalents between the two so that clients using the old code do not lose functionality when the new code is released.
The equivalencies that I know of are:
None -> Basic
Secure -> Negotiate (more or less)
Anonymous -> None
SecureSocketsLayer -> setting LdapSessionOptions.SecureSocketsLayer to true
Comments (1)
It looks like you were on the right track.
After doing some research, I was able to map almost all of the AuthenticationTypes values:
None: AuthType.Basic
Secure: AuthType.Negotiate
Anonymous: AuthType.Anonymous
Signing: LdapSessionOptions.Signing
Sealing: LdapSessionOptions.Sealing
SecureSocketLayer: LdapSessionOptions.SecureSocketLayer
Encryption: Same value as SecureSocketLayer
ReadonlyServer: LdapSessionOptions.LocatorFlag.WriteableRequired = false
Serverbind: Use one of the LdapDirectoryIdentifier constructors that has the fullyQualifiedDnsHostName argument, with the value set to true.
FastBind: Doesn't apply, since this S.DS.P works at a lower level.
Delegation: No corresponding setting found. It could be that delegation is implicit. One way to test would be to convert the code on this page and see if it works.
Be aware that not all non-AD servers will support AuthType.Negotiate, since it is Windows specific. There are several other things (like some of the LocatorFlag values) that will also not mean anything for non-AD systems. Thus, take care when converting code that assumed AD connectivity, since some assumptions will no longer be safe.
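The mapping listed in the answer above, applied to a legacy flags value in one place. This is an added example, not code from the question or the answer; the class name `LdapAuthMigration`, the method `Create` and the `allowCleartextBasic` parameter are hypothetical, and the refusal of a Basic bind without SSL is an added guard that goes beyond the mapping itself.

```csharp
using System;
using System.DirectoryServices;            // AuthenticationTypes (legacy S.DS flags)
using System.DirectoryServices.Protocols;  // LdapConnection, AuthType, LocatorFlags
using System.Net;

// Hypothetical helper (name and signature are assumptions, not from the answer).
public static class LdapAuthMigration
{
    public static LdapConnection Create(string host, int port, NetworkCredential cred,
        AuthenticationTypes legacy, bool allowCleartextBasic = false)
    {
        // Encryption has the same value as SecureSocketsLayer, so one test covers both.
        bool ssl = legacy.HasFlag(AuthenticationTypes.SecureSocketsLayer);

        // ServerBind -> fullyQualifiedDnsHostName = true (fourth argument: connectionless).
        var id = new LdapDirectoryIdentifier(host, port,
            legacy.HasFlag(AuthenticationTypes.ServerBind), false);
        var conn = new LdapConnection(id);
        try
        {
            if (legacy.HasFlag(AuthenticationTypes.Anonymous))
                conn.AuthType = AuthType.Anonymous;
            else if (legacy.HasFlag(AuthenticationTypes.Secure))
                conn.AuthType = AuthType.Negotiate;   // Windows specific, may fail on non-AD servers
            else
            {
                // None -> Basic is an LDAP simple bind: the password crosses the wire
                // unprotected unless TLS is on. This guard is an addition to the mapping.
                if (!ssl && !allowCleartextBasic)
                    throw new InvalidOperationException("Basic bind without SSL refused.");
                conn.AuthType = AuthType.Basic;
            }
            if (conn.AuthType != AuthType.Anonymous) conn.Credential = cred;

            LdapSessionOptions opts = conn.SessionOptions;
            if (ssl) opts.SecureSocketLayer = true;
            if (legacy.HasFlag(AuthenticationTypes.Signing)) opts.Signing = true;
            if (legacy.HasFlag(AuthenticationTypes.Sealing)) opts.Sealing = true;
            if (legacy.HasFlag(AuthenticationTypes.ReadonlyServer))
                opts.LocatorFlag &= ~LocatorFlags.WriteableRequired;
            // FastBind and Delegation: the answer gives no S.DS.P setting, so they are ignored.
            return conn;
        }
        catch { conn.Dispose(); throw; }
    }
}
```

The connection is returned unbound; the caller still has to call `Bind()` to authenticate.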