C# LDAP查询c中的LDAP注入#
这是我的bool连接,用于验证用户是否在广告组中。 我的密码里有个安全标志C# LDAP查询c中的LDAP注入#,c#,security,asp.net-web-api,ldap,C#,Security,Asp.net Web Api,Ldap,这是我的bool连接,用于验证用户是否在广告组中。 我的密码里有个安全标志 private bool testconnection(string user) { bool isInGroup = false; if (user.Length <= 7 && user.All(char.IsLetterOrDigit)) { string groupName = "GroupNa
private bool testconnection(string user)
{
bool isInGroup = false;
if (user.Length <= 7 && user.All(char.IsLetterOrDigit))
{
string groupName = "GroupName";
DirectoryEntry de = new DirectoryEntry("LDAP://DC=mycompany,DC=com");
DirectorySearcher searcher = new DirectorySearcher(de);
searcher.Filter = "(&(objectClass=user)(|(cn=" + user + ")(sAMAccountName=" + user + ")))"; //When I'm concatenating the user name, here I got the security flag which is below.
SearchResult result = searcher.FindOne();
if (result != null)
{
DirectoryEntry person = result.GetDirectoryEntry();
PropertyValueCollection groups = person.Properties["memberof"];
foreach (string g in groups)
{
if (g.Contains(groupName))
{
isInGroup = true;
break;
}
}
}
}
return isInGroup;
}
private bool testconnection(字符串用户)
{
bool-isInGroup=false;
如果(user.Length根据,则在称为.Net AntiXSS的某种独立库中提供了类