您的位置: 首页  >  技术问答  >  使用LDAP通过ASP.NET Core针对Active Directory登录身份验证时出错

使用LDAP通过ASP.NET Core针对Active Directory登录身份验证时出错

分类: 技术问答 2022-05-04 15:54:42
问题描述:

我正在实现一个ASP.NET Core项目,并且试图通过LDAP验证用户登录到Active Directory的身份.我正在使用此链接 https://www.brechtbaekelandt.net/blog/post/authenticating-against-active-directory-with-aspnet-core-2-and-managing-users

I'm implementing an ASP.NET Core project and I'm trying to authenticate the user login via LDAP to Active Directory. I'm using this link https://www.brechtbaekelandt.net/blog/post/authenticating-against-active-directory-with-aspnet-core-2-and-managing-users

,以便使用ASP.NET Core对Active Directory实施身份验证.我在 appsettings.json 中尝试过的内容如下:

in order to implement the authentication against Active Directory with ASP.NET Core. What I've tried in appsettings.json is like below:

{
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "CSDDashboardContext": "Server=xxxx;Database=CSS;Trusted_Connection=True;"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },

  "LdapSettings": {
    "ServerName": "par.fr", 
    "ServerPort": 389, 
    "UseSSL": false,
    "Credentials": {
      "DomainUserName": "par\\koli-h",
      "Password": "asdq/1998"
    },
    "SearchBase": "CN=Users,DC=par,DC=fr",
    "ContainerName": "CN=Users,DC=par,DC=fr", 
    "DomainName": "par.fr",
    "DomainDistinguishedName": "DC=par,DC=fr",
    "SearchProperty": "samAccountName" //????
  }
}

现在我的问题是运行项目并输入用户:koli-h并通过:asdq/1998之后,系统显示给我无效的用户名或密码.我在服务器中的真实用户名和密码是koli-h和asdq/1998.但是,如果在运行项目后将代码中的用户更改为例如koli-ha(添加字符以使用户名不正确),则系统会向我显示错误

Now my problem is after running the project and entering the user: koli-h and pass: asdq/1998 the system shows me invalid username or password. My real username and password in the server are koli-h and asdq/1998. However, if I change my user in the code to for example koli-ha (adding a character in order to make the username incorrect) after running the project, the system shows me an error

无效的凭据

如果有人可以向我提出建议,我将无法登录系统.

I appreciate if anyone could suggest me what is the problem that I can't log into the system.

与您所引用的博客文章(已有2年历史), System.DirectoryServices System.DirectoryServices.AccountManagement 命名空间 ,因此可在.NET Core 2.x/3.x中使用.

Contrary to what is stated in that blog post you referenced (which is 2 years old), the System.DirectoryServices and System.DirectoryServices.AccountManagement namespace are in fact supported on .NETStandard 2.0 and thus usable in .NET Core 2.x/3.x.

查看相关的Nuget页面:

Check out the relevant Nuget page:

https://www.nuget.org/packages/System.DirectoryServices.AccountManagement/4.7.0

因此,您可以非常轻松地使用常规"代码来验证用户凭据:

And thus, you can very easily use the "usual" code to validate user credentials:

using System.DirectoryServices.AccountManagement;

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "par"))
{
    // validate the user's credentials
    if (ctx.ValidateCredentials(userName, password)
    {
        // credentials are OK --> allow user in
    }
    else
    {
        // credentials aren't OK --> send back error message
    }
}

相关推荐