使用Novell.Directory.Ldap.NETStandard2

本文介绍了使用Novell.Directory.Ldap.NETStandard2_0的受限用户(登录工作站)在ASP.NET Core中的LDAP身份验证问题的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我使用Novell.Directory.Ldap.NETStandard2_0程序包从Active Directory中对用户进行身份验证，它对大多数用户都适用.

I use Novell.Directory.Ldap.NETStandard2_0 package to authenticate users from Active Directory and it works fine for most of users.

using (var cn = new LdapConnection()) { cn.Connect(ldapOptions.Host, ldapOptions.Port); var userDn = username.IndexOf('@') < 0 ? username + $"@{ldapOptions.Domain}" : username; cn.Bind(userDn, password); if (cn.Bound) { result.Result = AuthResult.Succeed; result.Message = "Login Successful using LDAP: {0}."; } return result; }

问题是当我们需要对仅限于登录到我们域(Active Directory)中的某些计算机的用户进行身份验证时.

The problem is when we need to authenticate users that are restricted to logon to only certain computers in our domain (Active Directory).

我将承载我的应用程序(IIS& Win Server 2016)的计算机添加到列表中，但是它仍然失败，并且无法对受限用户进行身份验证.

I added the computer that host my application (IIS & Win Server 2016) to the list but it still fails and restricted users cannot be authenticated yet.

如何解决此问题?我应该更改我的代码吗?或Active Directory/IIS设置?

How can I solve this issue? should I change my code? or Active Directory/IIS settings?

推荐答案

LDAP身份验证通常来自域控制器，因此配置为LDAP主机的域控制器必须存在于登录工作站中(userWorkstations)列表.

LDAP authentication is generally sourced from the domain controller(s), so the domain controller(s) configured as the LDAP host need to be present in the logon workstations (userWorkstations) list.