我需要在輸入用戶名和密碼的c#中驗證LDAP用戶。服務器上的LDAP驗證
DirectoryEntry entry =
new DirectoryEntry("LDAP://" + ServerName + "/OU=managed users,OU=KK」, + LDAPDomain, AdminUsername, Adminpassword);
DirectorySearcher search = new DirectorySearcher(entry);
search.SearchScope = SearchScope.Subtree;
search.Filter = "(|(&(objectCategory=person)(objectClass=user)(name=" + inputUsername + ")))";
search.PropertiesToLoad.Add("cn");
var searchresult = search.FindAll();
在這裏,我得到所需要的記錄(可以看到詳細信息) 然而,當我嘗試使用下面的代碼來驗證它,它總是說驗證失敗
if (searchresult != null)
{
foreach (SearchResult sr in searchresult)
{
DirectoryEntry myuser = sr.GetDirectoryEntry();
myuser.Password = inputPassword;
try
{
object nativeObject = myuser.NativeObject;
if (nativeObject != null)
isValid = true;
}
catch(excecption ex)
{
isValid = false;
//Error message
}
}
}
它總是導致catch塊帶有錯誤信息
登錄失敗:未知的用戶名或密碼錯誤。失敗:未知的用戶名或錯誤的密碼。
我確定給定的密碼是正確的。
請建議。
至於建議由薩阿德, 我通過代碼
public static bool IsAuthenticated()
{
var isValid = false;
string adServer = ConfigurationManager.AppSettings["Server"];
string adDomain = ConfigurationManager.AppSettings["Domain"];
string adminUsername = ConfigurationManager.AppSettings["AdminUsername"];
string adminpassword = ConfigurationManager.AppSettings["Password"];
string username = ConfigurationManager.AppSettings["Username"];
string selection = ConfigurationManager.AppSettings["Selection"];
string[] dc = adDomain.Split('.');
string dcAdDomain = string.Empty;
foreach (string item in dc)
{
if (dc[dc.Length - 1].Equals(item))
dcAdDomain = dcAdDomain + "DC=" + item;
else
dcAdDomain = dcAdDomain + "DC=" + item + ",";
}
string domainAndUsername = dcAdDomain + @"\" + adminUsername;
DirectoryEntry entry = new DirectoryEntry("LDAP://" + adServer, domainAndUsername, adminpassword);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
Console.WriteLine("And here is the result = " + result);
if (null == result)
{
isValid = false;
}
//Update the new path to the user in the directory.
var _path1 = result.Path;
var _filterAttribute = (string)result.Properties["cn"][0];
Console.WriteLine("And here is the _path1 = " + _path1);
Console.WriteLine("And here is the _filterAttribute = " + _filterAttribute);
isValid = true;
}
catch (Exception ex1)
{// your catch here
Console.WriteLine("Exception occurred " + ex1.Message + ex1.StackTrace);
}
return isValid;
}
改變它畢竟是給錯誤
Exception occurred Logon failure: unknown user name or bad passwor
d.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Portal.LdapTest.Program.IsAuthenticated()
我覺得我很困惑與參數給地方。 我有 LDAP服務器地址像123.123.12.123 域名如abc.com 管理員用戶名和密碼和 的用戶名和密碼這是需要進行身份驗證。 (這是在OU =新用戶,OU = KK)
我使用的服務器名稱,域管理員用戶名和密碼創建目錄項
如何驗證給定密碼的用戶名?
我它很難說,但即時猜測最有可能的搜索過濾器,你有沒有試過通過一些應用瀏覽LDAP服務器,並確保你正在尋找正確的地方? –
我可以在調試信息中看到記錄及其屬性,如DirectoryEntry myuser = sr.GetDirectoryEntry(); Console.WriteLine(「\ r \ n \ r \ nfound userName:」+ myuser.Name); Console.WriteLine(「\ r \ n department:」+(string)myuser.Properties [「department」]。Value ??「」);所以我認爲我有正確的記錄。 –
user1211476