使用代理用戶從.NET進行LDAP身份驗證

Question

我們希望使用「代理用戶」連接到LDAP服務器（Active Directory，Novell或其他），然後確保嘗試登錄到應用程序的用戶鍵入了在一個可接受的用戶名和密碼。我已經獲得了用於連接到LDAP的代碼，但我不知道如何檢查用戶名和密碼。你可以通過LDAP查詢來做到這一點嗎？

這裏是我的代碼的膽量至今：

Public Function Authenticate(ByVal UserName As String, ByVal Password As String) 

    Dim LDAPServer As String = ConfigurationManager.AppSettings("LDAPServer") 
    Dim proxyUsername As String = ConfigurationManager.AppSettings("LDAPProxyUser") 
    Dim proxyPassword As String = ConfigurationManager.AppSettings("LDAPProxyPassword") 

    Dim entry As DirectoryEntry 

    entry = New DirectoryEntry(LDAPServer, proxyUsername, proxyPassword) 

    'This performs the LDAP authentication' 
    Dim obj As Object = entry.NativeObject 

    Dim search As New DirectorySearcher(entry) 
    search.Filter = String.Format("(SAMAccountName={0})", UserName) 

    'How do I check the password now?' 

    Dim result As SearchResult = search.FindOne() 

    If result Is Nothing Then Throw New Exception("Unable to find SAMAccountName") 

Answer 1

我結束了創建另一個的DirectoryEntry這是誰試圖這樣來認證用戶：

Dim authEntry As DirectoryEntry 

authEntry = New DirectoryEntry(LDAPServer, UserName, Password) 

Dim authObj = authEntry.NativeObject 

如果這會引發異常，則用戶無法進行身份驗證。

Answer 2

我已經在過去使用的代碼試圖綁定使用所提供的憑據的LDAP。如果綁定的調用拋出一個異常，那麼你就沒有一個有效的用戶：

Dim servers() As String = New String(0) {"mylap.domain.com"} 
Dim con As New LdapConnection(New LdapDirectoryIdentifier(servers, True, False)) 
con.SessionOptions.SecureSocketLayer = True 
con.Credential = New Net.NetworkCredential("cn=" & userName, password) 
con.AuthType = AuthType.Basic 

Using con 
    con.Bind() 
End Using