2012-01-25

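Finding group membership using System.DirectoryServices.AccountManagement

I am trying to authenticate against Active Directory using the types in the AccountManagement namespace/assembly in a .NET 4 application (Visual Studio 2010). Here is my code: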

private Boolean ValidateUser(String domainName, String userName, String password)
{
    var ou = String.Format(CultureInfo.InvariantCulture,
                           "LDAP://{0}.mydomain.com/dc={0},dc=mydomain,dc=com",
                           domainName);

    var domain = String.Format(CultureInfo.InvariantCulture,
                               "{0}.mydomain.com",
                               domainName);

    using (var context = new PrincipalContext(ContextType.Domain,
                                              domain,
                                              ou))
    {
        if (context.ValidateCredentials(userName, password))
        {
            var userPrincipal = UserPrincipal.FindByIdentity(context,
                                                             IdentityType.SamAccountName,
                                                             userName);

            return userPrincipal.IsMemberOf(context, IdentityType.Name, "GroupName");
        }

        return false;
    }
}

The code runs fine until the statement where I call FindByIdentity. This call results in the following exception:

System.DirectoryServices.AccountManagement.PrincipalOperationException was caught 
    Message=Unknown error (0x80005000) 
    Source=System.DirectoryServices.AccountManagement 
    ErrorCode=-2147463168 
    StackTrace: 
     at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() 
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) 
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) 
     at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) 
     at Dominos.Pulse.Server.Security.DirectoryServices.ActiveDirectoryAuthenticationProvider.ValidateUser(String domainName, String userName, String password) 
    InnerException: System.Runtime.InteropServices.COMException 
     Message=Unknown error (0x80005000) 
     Source=System.DirectoryServices 
     ErrorCode=-2147463168 
     StackTrace: 
      at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) 
      at System.DirectoryServices.DirectoryEntry.Bind() 
      at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() 
      at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) 
      at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) 
      at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) 
      at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() 
     InnerException: 

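Clearly, I have something misconfigured. If not, maybe I am just going about this the wrong way.

My goal is simply to authenticate the user against A/D and then make sure they are a member of a specific group (or groups). What am I doing wrong?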


I don't see where you set the "container" value? – JPBlanc


Sorry, that should be 'ou'. I have updated the post. (Not sure what happened to the formatting!) – SonOfPirate

Answer


You can try supplying the OU like this:

var ou = String.Format(CultureInfo.InvariantCulture, 
         "dc={0},dc=mydomain,dc=com", 
         domainName); 

The root context is not needed to validate credentials.
