[英]PrincipalContext.ValidateCredentials fails for some users?
我有以下代码:
public void AuthenticateActiveDirectoryAccount(string username, string password)
{
PrincipalContext context;
var envSettings = _settingsService.GetGlobalSetting<EnvironmentSettings>().Props;
string ADServer = envSettings.ActiveDirectory.ServerURI;
string ADUserName = envSettings.ActiveDirectory.Username;
string ADUserPassword = envSettings.ActiveDirectory.Password;
string account = null;
account = username.ToLower();
if (ADUserName.Length > 0)
context = new PrincipalContext(ContextType.Domain, ADServer, ADUserName, ADUserPassword);
else
context = new PrincipalContext(ContextType.Domain, ADServer);
using (context)
{
if (!context.ValidateCredentials(account, password))
{
throw new Exception();
}
}
}
这对大多数用户都很有效,但有些用户会遇到以下异常:
服务器不处理目录请求:System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 error)\\r\\n vid System.DirectoryServices.Protocols.LdapSessionOptions.FastConcurrentBind()\\r\\n vid System.DirectoryServices.AccountManagement.CredentialValidator。 BindLdap(NetworkCredential creds, ContextOptions contextOptions)\\r\\n vid System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)\\r\\n vid System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)
首先,我认为失败的用户没有调用 AD 的权限,但我确定 AdServer、AdUserName 和 AdUserPassword 设置为应该具有访问权限的全局 AD 帐户。
为什么有些用户会收到此异常?
将 ValidateCredentials 更改为此可以解决问题:
context.ValidateCredentials(account, password, ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing)
然而,这可能仍然是 Active Directory 帐户的安全问题。
如果没有域但工作组,它将与
context.ValidateCredentials(account, password, ContextOptions.Negotiate)
在 Web API 中使用时,某些用户的 PrincipalContext ValidateCredentials 失败
[英]PrincipalContext ValidateCredentials fails for some users when used in a Web API
PrincipalContext.ValidateCredentials失败,显示“服务器无法处理目录请求。”
[英]PrincipalContext.ValidateCredentials fails with “The server cannot handle directory requests.”
C#中具有缓存凭据的PrincipalContext.ValidateCredentials
[英]PrincipalContext.ValidateCredentials with cached credentials in C#
PrincipalContext.ValidateCredentials:查找用户名或密码无效
[英]PrincipalContext.ValidateCredentials: find username or password is invalid
PrincipalContext.ValidateCredentials始终返回FALSE
[英]PrincipalContext.ValidateCredentials always returns FALSE
PrincipalContext.ValidateCredentials方法中的“有效”是什么意思?
[英]What is “valid” meaning in PrincipalContext.ValidateCredentials method?
Active Directory PrincipalContext.ValidateCredentials域消除歧义
[英]Active Directory PrincipalContext.ValidateCredentials domain disambiguation
使用NetBios名称,PrincipalContext.ValidateCredentials在受信任域中变慢
[英]PrincipalContext.ValidateCredentials slow with trusted domain using NetBios name
PrincipalContext.ValidateCredentials 调用如何在 DC 上注册或标记?
[英]How is PrincipalContext.ValidateCredentials call registered or marked on DC?
为什么PrincipalContext.ValidateCredentials针对旧凭据进行验证?
[英]Why is PrincipalContext.ValidateCredentials validating against old credentials?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.