【发布时间】:2019-08-06 13:49:19
【问题描述】:
嗨,我有一个我运行的 exe,它在我登录的域帐户的上下文中运行。该代码仅查询特定 OU 下用户的活动目录。我从加入森林的机器上运行这段代码:CompanyNameDomain.NET。
现在安全团队要求我确保此脚本和域控制器之间的所有通信都是安全的、加密的等。请注意,我没有在 DirectoryEntry() 构造函数中传递用户名/密码数据。我看过 StackOverflow,大多数问题都是关于如何通过在 DirectoryEntry 构造函数中传递用户名/密码来加密身份验证。但我的问题是如何确保这个脚本和域控制器之间的所有通信都是加密的?该代码可以正常工作。我只是不知道我是否需要做其他事情?我在 LDAP 名字对象值中使用 :636。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices;
namespace ConsoleApplication1
{
public class CompanyNameExtranetUser
{
public byte[] objectGUID { get; set; }
public string sAMAccountName { get; set; }
public string givenName { get; set; }
public string sn { get; set; }
public string displayName { get; set; }
public string telephoneNumber { get; set; }
public string extensionAttribute1 { get; set; }
public string extensionAttribute5 { get; set; }
public string extensionAttribute8 { get; set; }
public int userAccountControl { get; set; }
public bool isEnabled { get; set; }
private string _mail;
public string mail { get { return _mail; } set { _mail = value.ToLower(); } }
public string inviteId { get; set; }
public string AzureObjectId { get; set; }
}
class Program
{
static void Main(string[] args)
{
const int UF_ACCOUNTDISABLE = 0x0002;
string ldapPath = "LDAP://CompanyNameDomain.NET:636/OU=CompanyNameClientsSCIMProv,DC=CompanyNameDomain,DC=NET";
DirectoryEntry _de = new DirectoryEntry(ldapPath);
string ldapFilter = "(&(objectClass=user)(extensionAttribute8=2))";
List<CompanyNameExtranetUser> _CompanyNameExtranetUsers;
SearchResultCollection src;
string[] _attributeList = {
"objectGUID",
"sAMAccountName",
"mail",
"givenName",
"sn",
"displayName",
"telephoneNumber",
"userAccountControl",
"extensionAttribute1",
"extensionAttribute5",
"extensionAttribute8"
};
try
{
using (DirectorySearcher _ds = new DirectorySearcher(_de))
{
_ds.SearchScope = SearchScope.Subtree;
_ds.Filter = ldapFilter;
_ds.PropertiesToLoad.AddRange(_attributeList);
_ds.Asynchronous = true;
src = _ds.FindAll();
if (src.Count > 0)
{
_CompanyNameExtranetUsers = new List<CompanyNameExtranetUser>();
foreach (SearchResult sr in src)
{
CompanyNameExtranetUser user = new CompanyNameExtranetUser();
foreach (string _attributeName in _ds.PropertiesToLoad)
{
try
{
switch (_attributeName)
{
case "sAMAccountName":
user.sAMAccountName = sr.Properties[_attributeName][0].ToString();
break;
case "mail":
user.mail = sr.Properties[_attributeName][0].ToString();
break;
case "extensionAttribute1":
user.extensionAttribute1 = sr.Properties[_attributeName][0].ToString();
break;
case "extensionAttribute5":
user.extensionAttribute5 = sr.Properties[_attributeName][0].ToString();
break;
case "extensionAttribute8":
user.extensionAttribute8 = sr.Properties[_attributeName][0].ToString();
break;
case "telephoneNumber":
user.telephoneNumber = sr.Properties[_attributeName][0].ToString();
break;
case "givenName":
user.givenName = sr.Properties[_attributeName][0].ToString();
break;
case "sn":
user.sn = sr.Properties[_attributeName][0].ToString();
break;
case "displayName":
user.displayName = sr.Properties[_attributeName][0].ToString();
break;
case "objectGUID":
user.objectGUID = (byte[])sr.Properties[_attributeName][0];
break;
case "userAccountControl":
user.userAccountControl = (Int32)sr.Properties[_attributeName][0];
user.isEnabled = Convert.ToBoolean(user.userAccountControl & UF_ACCOUNTDISABLE) ? false : true;
break;
default:
break;
}
}
catch (ArgumentOutOfRangeException Ex)
{
// do nothing.
}
}
_CompanyNameExtranetUsers.Add(user);
Console.WriteLine(string.Format("{0}", user.mail));
}
}
}
}
catch(Exception Ex1)
{
}
}
}
}
【问题讨论】:
标签: c# ssl active-directory ldap