服務器上的LDAP驗證

Question

我需要在輸入用戶名和密碼的c＃中驗證LDAP用戶。

DirectoryEntry entry = 
new DirectoryEntry("LDAP://" + ServerName + "/OU=managed users,OU=KK」, + LDAPDomain, AdminUsername, Adminpassword); 

DirectorySearcher search = new DirectorySearcher(entry); 
search.SearchScope = SearchScope.Subtree; 
search.Filter = "(|(&(objectCategory=person)(objectClass=user)(name=" + inputUsername + ")))"; 
search.PropertiesToLoad.Add("cn"); 
var searchresult = search.FindAll(); 

在這裏，我得到所需要的記錄（可以看到詳細信息） 然而，當我嘗試使用下面的代碼來驗證它，它總是說驗證失敗

if (searchresult != null) 
{ 
    foreach (SearchResult sr in searchresult) 
    { 
     DirectoryEntry myuser = sr.GetDirectoryEntry(); 
     myuser.Password = inputPassword; 
     try 
     { 
      object nativeObject = myuser.NativeObject; 
      if (nativeObject != null) 
       isValid = true; 
     } 
     catch(excecption ex) 
     { 
      isValid = false; 
      //Error message 
     } 

    } 
} 

它總是導致catch塊帶有錯誤信息

登錄失敗：未知的用戶名或密碼錯誤。失敗：未知的用戶名或錯誤的密碼。

我確定給定的密碼是正確的。

請建議。

至於建議由薩阿德， 我通過代碼

public static bool IsAuthenticated() 
{ 
    var isValid = false; 
    string adServer = ConfigurationManager.AppSettings["Server"]; 
    string adDomain = ConfigurationManager.AppSettings["Domain"]; 
    string adminUsername = ConfigurationManager.AppSettings["AdminUsername"]; 
    string adminpassword = ConfigurationManager.AppSettings["Password"]; 
    string username = ConfigurationManager.AppSettings["Username"]; 
    string selection = ConfigurationManager.AppSettings["Selection"]; 
    string[] dc = adDomain.Split('.'); 
    string dcAdDomain = string.Empty; 

    foreach (string item in dc) 
    { 
     if (dc[dc.Length - 1].Equals(item)) 
      dcAdDomain = dcAdDomain + "DC=" + item; 
     else 
      dcAdDomain = dcAdDomain + "DC=" + item + ","; 
    } 

    string domainAndUsername = dcAdDomain + @"\" + adminUsername; 

    DirectoryEntry entry = new DirectoryEntry("LDAP://" + adServer, domainAndUsername, adminpassword); 

    try 
    {     
     //Bind to the native AdsObject to force authentication. 
     object obj = entry.NativeObject;    
     DirectorySearcher search = new DirectorySearcher(entry); 

     search.Filter = "(SAMAccountName=" + username + ")"; 
     search.PropertiesToLoad.Add("cn"); 
     SearchResult result = search.FindOne(); 
     Console.WriteLine("And here is the result = " + result); 
     if (null == result) 
     { 
      isValid = false; 
     } 

     //Update the new path to the user in the directory. 
     var _path1 = result.Path; 
     var _filterAttribute = (string)result.Properties["cn"][0]; 
     Console.WriteLine("And here is the _path1 = " + _path1); 
     Console.WriteLine("And here is the _filterAttribute = " + _filterAttribute); 
     isValid = true; 
    } 
    catch (Exception ex1) 
    {// your catch here 
     Console.WriteLine("Exception occurred " + ex1.Message + ex1.StackTrace); 
    } 
    return isValid; 
} 

改變它畢竟是給錯誤

Exception occurred Logon failure: unknown user name or bad passwor 
d. 
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) 
    at System.DirectoryServices.DirectoryEntry.Bind() 
    at System.DirectoryServices.DirectoryEntry.get_NativeObject() 
    at Portal.LdapTest.Program.IsAuthenticated() 

我覺得我很困惑與參數給地方。 我有 LDAP服務器地址像123.123.12.123 域名如abc.com 管理員用戶名和密碼和 的用戶名和密碼這是需要進行身份驗證。 （這是在OU =新用戶，OU = KK）

我使用的服務器名稱，域管理員用戶名和密碼創建目錄項

如何驗證給定密碼的用戶名？

Answer 1

此代碼對我的作品，嘗試，讓我知道（修改過濾器和性能，以滿足您的需要）：

 public bool IsAuthenticated(string domain, string username, string pwd){ 
     string domainAndUsername = domain + @"\" + username; 
     DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd); 

     try 
     { 

       //Bind to the native AdsObject to force authentication. 
       object obj = entry.NativeObject; 

       DirectorySearcher search = new DirectorySearcher(entry); 

       search.Filter = "(SAMAccountName=" + username + ")"; 
       search.PropertiesToLoad.Add("cn"); 
       SearchResult result = search.FindOne(); 

       if (null == result) 
       { 
        return false; 
       } 

       //Update the new path to the user in the directory. 
       _path = result.Path; 
       _filterAttribute = (string)result.Properties["cn"][0]; 

     } 
     catch(Exception e){// your catch here 

     } 
} 

Answer 2

public bool AuthenticateUser(string EmailAddress, string password,out string msg) 
{ 
    msg = string.Empty; 

    if (password == null || password == string.Empty || EmailAddress == null || EmailAddress == string.Empty) 
    { 
     msg = "Email and/or password can't be empty!"; 
     return false; 
    } 

    try 
    { 
     ADUserInfo userInfo = GetUserAttributes(EmailAddress); 

     if (userInfo == null) 
     { 
      msg = "Error: Couldn't fetch user information!"; 
      return false; 
     } 
     DirectoryEntry directoryEntry = new DirectoryEntry(LocalGCUri, userInfo.Upn, password); 
     directoryEntry.AuthenticationType = AuthenticationTypes.None; 
     string localFilter = string.Format(ADSearchFilter, EmailAddress); 


     DirectorySearcher localSearcher = new DirectorySearcher(directoryEntry); 
     localSearcher.PropertiesToLoad.Add("mail"); 
     localSearcher.Filter = localFilter; 

     SearchResult result = localSearcher.FindOne(); 


     if (result != null) 
     { 
      msg = "You have logged in successfully!"; 
      return true; 
     } 
     else 
     { 
      msg = "Login failed, please try again."; 
      return false; 
     } 
    }catch (Exception ex) 
    { 
     //System.ArgumentException argEx = new System.ArgumentException("Logon failure: unknown user name or bad password"); 
     //throw argEx; 
     msg = "Wrong Email and/or Password!"; 
     return false; 
    } 
}