[英]PrincipalContext.ValidateCredentials fails with “The server cannot handle directory requests.”
I have an application where user authenticate against our Active Directory: 我有一个应用程序,用户可以根据我们的Active Directory进行身份验证:
private bool Authenticate()
{
using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
{
return context.ValidateCredentials(this.Username.Text.Trim(), this.Password.Text.Trim());
}
}
It was working fine for several years. 好几年了。 Now, our Windows 7 machines get replaced by Windows 10 and some users get this error:
现在,我们的Windows 7计算机被Windows 10取代,一些用户遇到此错误:
The server cannot handle directory requests.
服务器无法处理目录请求。
at System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 error)
在System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32错误)
at System.DirectoryServices.Protocols.LdapSessionOptions.FastConcurrentBind()在System.DirectoryServices.Protocols.LdapSessionOptions.FastConcurrentBind()
at System.DirectoryServices.AccountManagement.CredentialValidator.BindLdap(NetworkCredential creds, ContextOptions contextOptions)在System.DirectoryServices.AccountManagement.CredentialValidator.BindLdap(NetworkCredential凭据,ContextOptions contextOptions)
at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)在System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName,String password)
at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)在System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials处(字符串userName,字符串密码)
at DPI.FormLogin.Authenticate() in c:\\Developing\\Source\\DPI\\Client\\DPI\\FormLogin.cs:line 280在DPI.FormLogin.Authenticate()中位于c:\\ Developing \\ Source \\ DPI \\ Client \\ DPI \\ FormLogin.cs:line 280
The error appears only for some users and not all the time. 该错误仅对某些用户显示,而不是一直显示。 Perhaps it is related to security settings which are much stricter now on Win 10 that it was on Win 7 before.
可能与安全设置有关,现在在Win 10上要比以前在Win 7上严格得多。
Any idea how to solve it? 知道如何解决吗? How can I interrogate the currently connected LDAP server?
如何询问当前连接的LDAP服务器? Perhaps our servers are configured slightly different and the problem is limited only to a single server which might be misconfigured.
也许我们的服务器配置略有不同,问题仅限于可能配置错误的单个服务器。
Yes, adding ContextOptions.Negotiate
solved the problem: 是的,添加
ContextOptions.Negotiate
解决了该问题:
private bool Authenticate()
{
using (var context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
{
return context.ValidateCredentials(this.Username.Text, this.Password.Text, ContextOptions.Negotiate);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.