C# LDAP查询c中的LDAP注入#_C#_Security_Asp.net Web Api_Ldap

C# LDAP查询c中的LDAP注入#

c# security asp.net-web-api ldap

C# LDAP查询c中的LDAP注入#,c#,security,asp.net-web-api,ldap,C#,Security,Asp.net Web Api,Ldap,这是我的bool连接，用于验证用户是否在广告组中。我的密码里有个安全标志 private bool testconnection(string user) { bool isInGroup = false; if (user.Length <= 7 && user.All(char.IsLetterOrDigit)) { string groupName = "GroupNa

这是我的bool连接，用于验证用户是否在广告组中。我的密码里有个安全标志

    private bool testconnection(string user)
    {
        bool isInGroup = false;
        if (user.Length <= 7 && user.All(char.IsLetterOrDigit))
        {
            string groupName = "GroupName";
            DirectoryEntry de = new DirectoryEntry("LDAP://DC=mycompany,DC=com");
            DirectorySearcher searcher = new DirectorySearcher(de);
            searcher.Filter = "(&(objectClass=user)(|(cn=" + user + ")(sAMAccountName=" + user + ")))"; //When I'm concatenating the user name, here I got the security flag which is below.

            SearchResult result = searcher.FindOne();

            if (result != null)
            {

                DirectoryEntry person = result.GetDirectoryEntry();
                PropertyValueCollection groups = person.Properties["memberof"];

                foreach (string g in groups)
                {
                    if (g.Contains(groupName))
                    {
                        isInGroup = true;
                        break;
                    }
                }

            }
        }
        return isInGroup;
    }

private bool testconnection（字符串用户）
{
bool-isInGroup=false；
如果（user.Length根据，则在称为.Net AntiXSS的某种独立库中提供了类