当前位置: 文江博客话题详情

使用 System.DirectoryServices.AccountManagement 查找组成员身份

发布于 2024-12-28 17:05:27 字数 3540 浏览 1 评论 0原文

我正在尝试使用 .NET 4 应用程序 (VisualStudio 2010) 中的 AccountManagement 命名空间/程序集中的类型对 Active Directory 进行用户身份验证。这是我的代码:

private Boolean ValidateUser(String domainName, String userName, String password)
{
    var ou = String.Format(CultureInfo.InvariantCulture,
                           "LDAP://{0}.mydomain.com/dc={0},dc=mydomain,dc=com",
                           domainName);

    var domain = String.Format(CultureInfo.InvariantCulture,
                               "{0}.mydomain.com",
                               domainName);

    using (var context = new PrincipalContext(ContextType.Domain,
                                              domain,
                                              ou))
    {
        if (context.ValidateCredentials(userName, password))
        {
            var userPrincipal = UserPrincipal.FindByIdentity(context,
                                                             IdentityType.SamAccountName,
                                                             userName);

            return userPrincipal.IsMemberOf(context, IdentityType.Name, "GroupName");
        }

        return false;
    }
}

代码运行良好,直到我调用 FindByIdentity 的语句为止。此调用会导致以下异常:

System.DirectoryServices.AccountManagement.PrincipalOperationException was caught
  Message=Unknown error (0x80005000)
  Source=System.DirectoryServices.AccountManagement
  ErrorCode=-2147463168
  StackTrace:
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
       at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
       at Dominos.Pulse.Server.Security.DirectoryServices.ActiveDirectoryAuthenticationProvider.ValidateUser(String domainName, String userName, String password)
  InnerException: System.Runtime.InteropServices.COMException
       Message=Unknown error (0x80005000)
       Source=System.DirectoryServices
       ErrorCode=-2147463168
       StackTrace:
            at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
            at System.DirectoryServices.DirectoryEntry.Bind()
            at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
            at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
            at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
            at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
            at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       InnerException:

显然我的配置有误。如果没有,也许我只是以错误的方式处理这件事。

我的目标是简单地针对 A/D 对用户进行身份验证,然后确保他们是特定组(或多个组)的成员。我做错了什么?

原文

I'm trying to authenticate a user against Active Directory using the types in the AccountManagement namespace/assembly in my .NET 4 application (VisualStudio 2010). Here is the code I have:

private Boolean ValidateUser(String domainName, String userName, String password)
{
    var ou = String.Format(CultureInfo.InvariantCulture,
                           "LDAP://{0}.mydomain.com/dc={0},dc=mydomain,dc=com",
                           domainName);

    var domain = String.Format(CultureInfo.InvariantCulture,
                               "{0}.mydomain.com",
                               domainName);

    using (var context = new PrincipalContext(ContextType.Domain,
                                              domain,
                                              ou))
    {
        if (context.ValidateCredentials(userName, password))
        {
            var userPrincipal = UserPrincipal.FindByIdentity(context,
                                                             IdentityType.SamAccountName,
                                                             userName);

            return userPrincipal.IsMemberOf(context, IdentityType.Name, "GroupName");
        }

        return false;
    }
}

The code runs great until the statement where I call FindByIdentity. This call results in the following exception:

System.DirectoryServices.AccountManagement.PrincipalOperationException was caught
  Message=Unknown error (0x80005000)
  Source=System.DirectoryServices.AccountManagement
  ErrorCode=-2147463168
  StackTrace:
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
       at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
       at Dominos.Pulse.Server.Security.DirectoryServices.ActiveDirectoryAuthenticationProvider.ValidateUser(String domainName, String userName, String password)
  InnerException: System.Runtime.InteropServices.COMException
       Message=Unknown error (0x80005000)
       Source=System.DirectoryServices
       ErrorCode=-2147463168
       StackTrace:
            at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
            at System.DirectoryServices.DirectoryEntry.Bind()
            at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
            at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
            at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
            at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
            at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       InnerException:

Clearly I have something configured wrong. If not, perhaps I'm simply going about this the wrong way.

My goal is to simply authenticate the user against A/D then make sure that they are the member of a specific group (or groups). What am I doing wrong?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦归所梦 2025-01-04 17:05:27

您可以尝试像这样用餐 OU 吗:

var ou = String.Format(CultureInfo.InvariantCulture,
                      "dc={0},dc=mydomain,dc=com",
                      domainName);

根上下文不需要验证凭据。

Can you try to dine OU like this :

var ou = String.Format(CultureInfo.InvariantCulture,
                      "dc={0},dc=mydomain,dc=com",
                      domainName);

The root context is just not need to validate credentials.

回复 原文
~没有更多了~

关于作者

静谧幽蓝

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

燃烧我的卡路李先生

文章 0 评论 0

qq_2gSKZM

文章 0 评论 0

∞梦里开花

文章 0 评论 0

qq_IklFPL

文章 0 评论 0

迷途知返

文章 0 评论 0

深海不蓝

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文