0
我試圖使用.NET 4應用程序(VisualStudio 2010)中AccountManagement命名空間/程序集中的類型對Active Directory進行身份驗證。這裏是我的代碼:使用System.DirectoryServices.AccountManagement查找組成員
private Boolean ValidateUser(String domainName, String userName, String password)
{
var ou = String.Format(CultureInfo.InvariantCulture,
"LDAP://{0}.mydomain.com/dc={0},dc=mydomain,dc=com",
domainName);
var domain = String.Format(CultureInfo.InvariantCulture,
"{0}.mydomain.com",
domainName);
using (var context = new PrincipalContext(ContextType.Domain,
domain,
ou))
{
if (context.ValidateCredentials(userName, password))
{
var userPrincipal = UserPrincipal.FindByIdentity(context,
IdentityType.SamAccountName,
userName);
return userPrincipal.IsMemberOf(context, IdentityType.Name, "GroupName");
}
return false;
}
}
該代碼運行良好,直到我調用FindByIdentity的語句。此調用導致以下例外情況:
System.DirectoryServices.AccountManagement.PrincipalOperationException was caught
Message=Unknown error (0x80005000)
Source=System.DirectoryServices.AccountManagement
ErrorCode=-2147463168
StackTrace:
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
at Dominos.Pulse.Server.Security.DirectoryServices.ActiveDirectoryAuthenticationProvider.ValidateUser(String domainName, String userName, String password)
InnerException: System.Runtime.InteropServices.COMException
Message=Unknown error (0x80005000)
Source=System.DirectoryServices
ErrorCode=-2147463168
StackTrace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
InnerException:
很明顯,我有一些配置錯誤。如果不是這樣,也許我只是在用錯誤的方式來解決這個問題。
我的目標是簡單地驗證用戶對A/D,然後確保他們是特定組(或組)的成員。我究竟做錯了什麼?
我不知道你在哪裏設置「容器」值? – JPBlanc
對不起,應該是'ou'。我已更新該帖子。 (不知道格式化發生了什麼!) – SonOfPirate