使用LDAP通过ASP.NET Core针对Active Directory登录身份验证时出错
我正在实现一个ASP.NET Core项目,并且试图通过LDAP验证用户登录到Active Directory的身份.我正在使用此链接 https://www.brechtbaekelandt.net/blog/post/authenticating-against-active-directory-with-aspnet-core-2-and-managing-users
I'm implementing an ASP.NET Core project and I'm trying to authenticate the user login via LDAP to Active Directory. I'm using this link https://www.brechtbaekelandt.net/blog/post/authenticating-against-active-directory-with-aspnet-core-2-and-managing-users
,以便使用ASP.NET Core对Active Directory实施身份验证.我在 appsettings.json
中尝试过的内容如下:
in order to implement the authentication against Active Directory with ASP.NET Core. What I've tried in appsettings.json
is like below:
{
"AllowedHosts": "*",
"ConnectionStrings": {
"CSDDashboardContext": "Server=xxxx;Database=CSS;Trusted_Connection=True;"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"LdapSettings": {
"ServerName": "par.fr",
"ServerPort": 389,
"UseSSL": false,
"Credentials": {
"DomainUserName": "par\\koli-h",
"Password": "asdq/1998"
},
"SearchBase": "CN=Users,DC=par,DC=fr",
"ContainerName": "CN=Users,DC=par,DC=fr",
"DomainName": "par.fr",
"DomainDistinguishedName": "DC=par,DC=fr",
"SearchProperty": "samAccountName" //????
}
}
现在我的问题是运行项目并输入用户:koli-h并通过:asdq/1998之后,系统显示给我无效的用户名或密码.我在服务器中的真实用户名和密码是koli-h和asdq/1998.但是,如果在运行项目后将代码中的用户更改为例如koli-ha(添加字符以使用户名不正确),则系统会向我显示错误
Now my problem is after running the project and entering the user: koli-h and pass: asdq/1998 the system shows me invalid username or password. My real username and password in the server are koli-h and asdq/1998. However, if I change my user in the code to for example koli-ha (adding a character in order to make the username incorrect) after running the project, the system shows me an error
无效的凭据
如果有人可以向我提出建议,我将无法登录系统.
I appreciate if anyone could suggest me what is the problem that I can't log into the system.
与您所引用的博客文章(已有2年历史), System.DirectoryServices
和 System.DirectoryServices.AccountManagement
命名空间 ,因此可在.NET Core 2.x/3.x中使用.
Contrary to what is stated in that blog post you referenced (which is 2 years old), the System.DirectoryServices
and System.DirectoryServices.AccountManagement
namespace are in fact supported on .NETStandard 2.0 and thus usable in .NET Core 2.x/3.x.
查看相关的Nuget页面:
Check out the relevant Nuget page:
https://www.nuget.org/packages/System.DirectoryServices.AccountManagement/4.7.0
因此,您可以非常轻松地使用常规"代码来验证用户凭据:
And thus, you can very easily use the "usual" code to validate user credentials:
using System.DirectoryServices.AccountManagement;
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "par"))
{
// validate the user's credentials
if (ctx.ValidateCredentials(userName, password)
{
// credentials are OK --> allow user in
}
else
{
// credentials aren't OK --> send back error message
}
}