我验证的用户在Active Directory存储如下:
I'm validating users in an Active Directory store as follows:
// using System.DirectoryServices.AccountManagement; // located in System.DirectoryServices.AccountManagement.dll using (var context = new PrincipalContext(ContextType.Domain, server, container, ContextOptions.Negotiate, validateUsername, validatePassword)) { var valid = context.ValidateCredentials(validateUsername, validatePassword); if (valid) { Console.WriteLine("SUCCESS!"); using (var userContext = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, validateUsername)) { Console.WriteLine("LastLogon = " + userContext.LastLogon); } } else Console.WriteLine("FAILED!"); }
验证是成功的,但 lastLogon 值永远不会改变。这是至关重要的,当我们在code用户由于其他软件使用这个值验证此值更改。我知道 ActiveDirectoryMembershipProvider 认证改变了这一属性,所以我不知道是否有一种方法,我可以使用 PrincipalContext (重用AD连接),但执行此验证更改 lastLogon 值。
The validation is successful, but the lastLogon value is never changed. It's essential that this value is changed when we authenticate a user in code due to other software using this value. I know ActiveDirectoryMembershipProvider authentication changes this property, so I'm wondering if there's a way I can use PrincipalContext (to reuse AD connections) but perform this validation to change the lastLogon value.
推荐答案使用的lastLogonTimestamp 。这是一个获取当你试图通过 PrincipalContext 对象连接AD更新的领域。
Use lastLogonTimestamp. This is the field that gets updated in AD when you're attempting to connect via a PrincipalContext object.
更多推荐
PrincipalContext.ValidateCredentials不设置lastLogon日期为用户
发布评论