C# 使用活动目录的身份验证未反映 AD 中的 lastLogon 属性
[英]C# Authentication with active directory is not reflecting lastLogon attribute in AD
问题描述
I am using below code to authenticate user with active directory and it is validating successfully in case of correct credentials, but if I check the attribute "lastLogon" in AD it seems not changed
我正在使用以下代码通过活动目录对用户进行身份验证,并且在凭据正确的情况下验证成功,但是如果我检查 AD 中的属性“lastLogon”,它似乎没有改变
using (LdapConnection connection = new LdapConnection(domain))
{
connection.AuthType = AuthType.Basic;
connection.Credential = new NetworkCredential(username, password);
try
{
connection.Bind();
return "Authentication succeeded.";
}
catch (LdapException ex)
{
return "Authentication failed: " + ex.Message;
}
}
I tried also to retrieve the attribute using "DirectorySearcher" but it not retrieving the updated date.我还尝试使用“DirectorySearcher”检索属性,但它没有检索更新日期。
1 个解决方案
解决方案1
0 2023-01-20 14:05:55
I'm going to guess that you have more than one domain controller. The lastLogon attribute is not replicated between DCs.我猜你有多个域lastLogon属性不会在 DC 之间复制。 So you will only see the updated value on the DC that you authenticated against.因此,您只会在您进行身份验证的 DC 上看到更新后的值。
If your domain attribute is just the name of the domain, I believe you can get the name of the DC after you authenticate by looking at connection.SessionOptions.HostName .如果您的domain属性只是域的名称,我相信您可以在通过查看connection.SessionOptions.HostName进行身份验证后获得 DC 的名称。 (I think ) (我认为)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.