Asp.net LDAP获取组名
当我尝试获取用户所属的组时,出现“登录失败:未知用户名或错误密码”错误。用户身份验证工作正常,这是我无法理解的。如何根据AD正确验证用户,但无法获取其组名? 我得到用户的ID和密码。我有一个处理身份验证的类Asp.net LDAP获取组名,asp.net,ldap,c#-2.0,Asp.net,Ldap,C# 2.0,当我尝试获取用户所属的组时,出现“登录失败:未知用户名或错误密码”错误。用户身份验证工作正常,这是我无法理解的。如何根据AD正确验证用户,但无法获取其组名? 我得到用户的ID和密码。我有一个处理身份验证的类 if ((true == adAuth.IsAuthenticated(sDomain, sID, sPassword))) { string sGroups = adAuth.GetGroups(); 这是身份验证类: public
if ((true == adAuth.IsAuthenticated(sDomain, sID, sPassword)))
{
string sGroups = adAuth.GetGroups();
public class LdapAuthentication
{
string _path;
string _filterAttribute;
public LdapAuthentication(string path)
{
_path = path;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + "\\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try {
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if ((result == null)) {
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = Convert.ToString(result.Properties["cn"][0]);
}
catch (Exception ex) {
throw new Exception("Error authenticating user. " + ex.Message);
//return false;
}
return true;
}
public string GetGroups()
{
//DirectorySearcher search = new DirectorySearcher(_path);
// Use following two lines instead of the above to handle cases of authenticatin against an LDAP server other than local AD domain
DirectoryEntry deSearchRoot = new DirectoryEntry(_path);
DirectorySearcher search = new DirectorySearcher(deSearchRoot);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try {
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
string dn = null;
int equalsIndex = 0;
int commaIndex = 0;
int propertyCounter = 0;
for (propertyCounter = 0; propertyCounter <= propertyCount - 1; propertyCounter++) {
dn = Convert.ToString(result.Properties["memberOf"][propertyCounter]);
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if ((equalsIndex == -1)) {
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
} catch (Exception ex) {
throw new Exception("Error obtaining group names. " + ex.Message);
}
return groupNames.ToString();
}
公共类LDA身份验证
{
字符串路径;
字符串过滤器属性;
公共LDA身份验证(字符串路径)
{
_路径=路径;
}
公共bool已验证(字符串域、字符串用户名、字符串pwd)
{
字符串domainAndUsername=域+“\\”+用户名;
DirectoryEntry=新的DirectoryEntry(_路径,域和用户名,pwd);
试一试{
//绑定到本机对象以强制身份验证。
object obj=entry.NativeObject;
DirectorySearcher search=新的DirectorySearcher(条目);
search.Filter=“(SAMAccountName=“+username+”);
search.PropertiesToLoad.Add(“cn”);
SearchResult=search.FindOne();
如果((结果==null)){
返回false;
}
//将新路径更新到目录中的用户。
_路径=结果。路径;
_filterAttribute=Convert.ToString(result.Properties[“cn”][0]);
}
捕获(例外情况除外){
抛出新异常(“验证用户时出错。”+ex.Message);
//返回false;
}
返回true;
}
公共字符串GetGroups()
{
//DirectorySearcher search=新的DirectorySearcher(_路径);
//使用以下两行而不是以上两行来处理针对本地AD域以外的LDAP服务器进行身份验证的情况
DirectoryEntry deSearchRoot=新的DirectoryEntry(_路径);
DirectorySearcher search=新的DirectorySearcher(deSearchRoot);
search.Filter=“(cn=“+\u filteratAttribute+”);
search.PropertiesToLoad.Add(“memberOf”);
StringBuilder groupNames=新建StringBuilder();
试一试{
SearchResult=search.FindOne();
int-propertyCount=result.Properties[“memberOf”].Count;
字符串dn=null;
int equalsIndex=0;
int commaIndex=0;
int-propertyCounter=0;
对于(propertyCounter=0;propertyCounter没关系;运算符错误。代码工作正常