2012-01-25

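Finding group membership using System.DirectoryServices.AccountManagement

I am trying to use the types in the AccountManagement namespace/assembly in a .NET 4 application (Visual Studio 2010) to authenticate against Active Directory. Here is my code: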

private Boolean ValidateUser(String domainName, String userName, String password)
{
    var ou = String.Format(CultureInfo.InvariantCulture,
                           "LDAP://{0}.mydomain.com/dc={0},dc=mydomain,dc=com",
                           domainName);

    var domain = String.Format(CultureInfo.InvariantCulture,
                               "{0}.mydomain.com",
                               domainName);

    using (var context = new PrincipalContext(ContextType.Domain,
                                              domain,
                                              ou))
    {
        if (context.ValidateCredentials(userName, password))
        {
            var userPrincipal = UserPrincipal.FindByIdentity(context,
                                                             IdentityType.SamAccountName,
                                                             userName);

            return userPrincipal.IsMemberOf(context, IdentityType.Name, "GroupName");
        }

        return false;
    }
}

This code works fine until the statement where I call FindByIdentity. That call results in the following exception:

System.DirectoryServices.AccountManagement.PrincipalOperationException was caught 
    Message=Unknown error (0x80005000) 
    Source=System.DirectoryServices.AccountManagement 
    ErrorCode=-2147463168 
    StackTrace: 
     at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() 
     at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() 
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) 
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) 
     at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) 
     at Dominos.Pulse.Server.Security.DirectoryServices.ActiveDirectoryAuthenticationProvider.ValidateUser(String domainName, String userName, String password) 
    InnerException: System.Runtime.InteropServices.COMException 
     Message=Unknown error (0x80005000) 
     Source=System.DirectoryServices 
     ErrorCode=-2147463168 
     StackTrace: 
      at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) 
      at System.DirectoryServices.DirectoryEntry.Bind() 
      at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() 
      at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) 
      at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) 
      at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) 
      at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() 
     InnerException: 

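Clearly, I have something misconfigured. If not, maybe I am just going about this the wrong way.

My goal is simply to authenticate the user against A/D and then make sure they are a member of a specific group (or groups). What am I doing wrong?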

I don't see where you set the 'container' value? – JPBlanc

Sorry, that should be 'ou'. I have updated the post. (Not sure what happened to the formatting!) – SonOfPirate

Answers

You can try feeding in the OU like this:

var ou = String.Format(CultureInfo.InvariantCulture,
                       "dc={0},dc=mydomain,dc=com",
                       domainName);

The root context is not needed to validate credentials.
