Unknown username or bad password, LDAP Active Directory
I'm trying to authenticate against AD using application mode (ADAM), but keep getting unknown username or bad password. If I test the login in LDP.exe it logs in no problem, on simple bind. I've trawled through all similar posts with the same issue, but have not resolved it, any suggestions what I should be checking for?

    private bool ValidateActiveDirectoryLogin(string Username, string Password)
    {
        bool Success = false;
        // Bind to the ADAM instance with the supplied credentials.
        System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry("LDAP://localhost:389/OU=Users,O=TestDirectory", Username, Password);
        System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry);
        Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            // The bind happens here; a failed bind throws instead of returning null.
            System.DirectoryServices.SearchResult Results = Searcher.FindOne();
            Success = (Results != null);
        }
        catch (System.Exception)
        {
            Success = false;
            throw; // rethrows, so the caller sees the exception rather than false
        }
        return Success;
    }

Determine what context your application is hitting AD with. If your ASP.NET application pool identity is one that is low privileged, it won't have enough permissions to query Active Directory. If you don't want to create a custom user to run the app pool as with appropriate permissions - you could use the LogonUser API to make your ValidateActiveDirectoryLogin call under the security context of that account.
Finally, you should consider using System.DirectoryServices.AccountManagement if you are using .NET 3.5 or above.
You can use code like
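
An added example, not part of the answer above and not the answerer's code: one way to validate credentials against an ADAM instance with System.DirectoryServices.AccountManagement, forcing the same simple bind that worked in LDP.exe. The server and container values are taken from the question's LDAP path; the class and method names are hypothetical, and the user name is assumed to be in the form that succeeded in LDP.exe.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper class; names are illustrative only.
public static class AdamLogin
{
    // Assumed from the question's path LDAP://localhost:389/OU=Users,O=TestDirectory.
    private const string Server = "localhost:389";
    private const string Container = "OU=Users,O=TestDirectory";

    // Returns true only when the directory accepts the credentials.
    // Connectivity or permission failures surface as exceptions, so a
    // directory outage is not mistaken for a wrong password.
    public static bool Validate(string userName, string password)
    {
        // LDAP servers may treat a simple bind with an empty password as an
        // unauthenticated bind that succeeds, so reject it before binding.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        // ApplicationDirectory is the context type for ADAM / AD LDS.
        // No credentials are passed here, so the context itself connects
        // as the identity the process runs under (the app pool identity
        // in ASP.NET).
        using (var context = new PrincipalContext(
            ContextType.ApplicationDirectory, Server, Container))
        {
            // SimpleBind sends the password in clear text. That is tolerable
            // on localhost; against a remote server use the instance's SSL
            // port and ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer.
            return context.ValidateCredentials(
                userName, password, ContextOptions.SimpleBind);
        }
    }
}
```

The project needs a reference to the System.DirectoryServices.AccountManagement assembly, which ships with .NET Framework 3.5 and later.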