【发布时间】:2019-05-16 10:02:41
【问题描述】:
我有以下代码:
public void AuthenticateActiveDirectoryAccount(string username, string password)
{
PrincipalContext context;
var envSettings = _settingsService.GetGlobalSetting<EnvironmentSettings>().Props;
string ADServer = envSettings.ActiveDirectory.ServerURI;
string ADUserName = envSettings.ActiveDirectory.Username;
string ADUserPassword = envSettings.ActiveDirectory.Password;
string account = null;
account = username.ToLower();
if (ADUserName.Length > 0)
context = new PrincipalContext(ContextType.Domain, ADServer, ADUserName, ADUserPassword);
else
context = new PrincipalContext(ContextType.Domain, ADServer);
using (context)
{
if (!context.ValidateCredentials(account, password))
{
throw new Exception();
}
}
}
这对大多数用户都很有效,但有些用户会遇到以下异常:
服务器不处理目录请求:System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 错误)\r\n vid System.DirectoryServices.Protocols.LdapSessionOptions.FastConcurrentBind()\r\n vid System.DirectoryServices.AccountManagement .CredentialValidator.BindLdap(NetworkCredential creds, ContextOptions contextOptions)\r\n vid System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)\r\n vid System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName,字符串密码)
首先我认为失败的用户没有调用 AD 的权限,但我确定 AdServer、AdUserName 和 AdUserPassword 设置为应该具有访问权限的全局 AD 帐户。
为什么有些用户会得到这个异常?
【问题讨论】:
-
您是否检查过受影响用户的系统配置在 AD 中是否正确?一些相关提示可以在这里找到:social.msdn.microsoft.com/Forums/sqlserver/en-US/….
标签: c# .net authentication active-directory