验证UPN和NT登录名的最简单方法是什么?
[英]What is the easiest way to validate a UPN and a NT login name?
问题描述
We allow our users to enter Active Directory account information using either an NT account name (domain\\account) or a UPN (account@email,xxx). 
我们允许用户使用NT帐户名(domain \\ account)或UPN(account @ email,xxx)输入Active Directory帐户信息。 I would like to write some code to validate the account in active directory before allowing the user to move on. 我想编写一些代码来验证活动目录中的帐户,然后再允许用户继续操作。 Note, we are not validating a password, just the account name. 请注意,我们不验证密码,仅验证帐户名。
I can use UserPrincipal.FindByIdentity , however, this expects only a user name. 我可以使用UserPrincipal.FindByIdentity ,但是,这只需要一个用户名。
Can I validate the account name in either format using .NET? 我可以使用.NET验证两种格式的帐户名吗? Or am I relegated to parsing out out the domain from the account name to validate both parts of the user input? 还是我被降级为从帐户名中解析出域以验证用户输入的两个部分? The later would be a bit messy, woudln't it? 稍后会有点混乱,不是吗?
2 个解决方案
解决方案1
2 已采纳 2010-07-12 21:31:59
Attempt to create a WindowsIdentity from the UPN: 尝试从UPN创建WindowsIdentity :
WindowsIdentity wi = new WindowsIdentity("alias@example.com");
It will succeed for an UPN valid in AD, throw an exception for invalid ones. 对于在AD中有效的UPN,它将成功,对于无效的UPN将引发异常。 The process validating the UPN must be connected to the AD and have proper access rights (ie. no anonimization due to delegation constraint on an impersonated context). 验证UPN的过程必须连接到AD,并具有适当的访问权限(即,由于对模拟上下文的委派约束而无法进行匿名化)。
解决方案2
1 2010-07-12 21:47:29
Take a look at the System.DirectoryServices.AccountManagement namespace, especially the PrincipalSearcher . 看一下System.DirectoryServices.AccountManagement命名空间,尤其是PrincipalSearcher 。 I think you can do a quick FindOne using a well formed QueryFilter using Query by Example and check for either accountname or UPN. 我认为您可以使用格式良好的QueryFilter( 通过示例查询)来执行快速FindOne ,并检查帐户名或UPN。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.