目录条目 |使用加密或 SSL 时出错
我正在尝试使用以下代码加密我的Active Directory访问:
// Already tried different paths (LDAP://domain.com, LDAPS://domain.com etc.)
string path = "LDAP://domain.com:636";
var ldapConnection = new DirectoryEntry(path, "loginName", "password");
ldapConnection.AuthenticationType = AuthenticationTypes.Secure; // Works perfectly
ldapConnection.AuthenticationType = AuthenticationTypes.Encryption; // Doesn't work
ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer; // Doesn't work
这两种无法正常工作的身份验证类型都引发了相同的例外:
system.DirectoryServices.DirectoryServicesComecection(0x8007052E): 用户名或密码不正确。
首先,我看到我在AD DS上缺少证书服务器并安装了它。但是安装后,我会遇到相同的错误。我可能需要安装/配置更多内容。如果是这样,请分享资源需要做什么。
我的问题:我是否需要任何先决条件(AD DS上的EX)才能使用authEthationytypes.ecryption或autheenticationTypes.securesocketslayer?还是我需要其他用户来使用此身份验证类型?
任何帮助将不胜感激。
I'm trying to encrypt my Active Directory access with the following code:
// Already tried different paths (LDAP://domain.com, LDAPS://domain.com etc.)
string path = "LDAP://domain.com:636";
var ldapConnection = new DirectoryEntry(path, "loginName", "password");
ldapConnection.AuthenticationType = AuthenticationTypes.Secure; // Works perfectly
ldapConnection.AuthenticationType = AuthenticationTypes.Encryption; // Doesn't work
ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer; // Doesn't work
Both Authentication Types that doesn't work throw the same exception:
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E):
The username or password is incorrect.
Firstly I saw that I'm missing a Certificate Server on my AD DS and installed it. But after installation I get the same error. I might need to install/configure more things. If so, then please share resources what needs to be done.
My questions: Do I need any prerequisites (e.x. on the AD DS) to be able to use AuthenticationTypes.Encryption or AuthenticationTypes.SecureSocketsLayer? Or do I need a different user for using this Authentication Types?
Any Help is greatly appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试以下操作:
Secure定义了使用的身份验证类型,而securesocketslayer定义了连接的类型。它们具有不同的目的,因此可以一起使用。但实际上,您无需指定任何内容。默认值为
安全,如果指定端口636,它将使用SSL,因为这是服务器在该端口上接受连接的唯一方法。这就是为什么仅指定secure时它可以工作的原因。这也是如果您本身指定
securesocketslayer,这也是失败的原因。指定任何内容后,丢弃默认值(Secure),只使用您指定的内容。如果没有安全,它将尝试基本身份验证(又称“简单绑定”),该域可能在您的域上被禁用。noreflow noreferrer“> AuthenticationTypes enum )。
Try this:
Securedefines the type of authentication that is used, whereasSecureSocketsLayerdefines the type of connection. They serve different purposes, so they can be used together.But really, you don't need to specify anything. The default is
Secure, and if you specify port 636, it will use SSL since that's the only way the server would accept the connection on that port. That's why it works when you only specifySecure.That's also the reason it fails if you specify
SecureSocketsLayerby itself. Once you specify anything, the default (Secure) is discarded and only what you specify is used. WithoutSecureit will try basic authentication (AKA "simple bind"), which is probably disabled on your domain.More reading in the documentation for the AuthenticationTypes Enum.