使用PrincipalContext.ValidateCredentials方法验证属于受信任域的用户

本文介绍了使用PrincipalContext.ValidateCredentials方法验证属于受信任域的用户的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

如何使用C＃API对属于受信任域的用户进行身份验证 PrincipalContext.ValidateCredentials？

How shall I authenticate a user belonging to a trusted domain using the C# APIPrincipalContext.ValidateCredentials?

Domain1和Domain2属于不同的AD林，Domain1信任Domain2。我需要使用Domains1的域控制器对Domain2 \ John进行身份验证。

Domain1 and Domain2 belong to different AD forests and Domain1 trusts Domain2. I need to authenticate Domain2\John using Domains1's domain controller.

我使用以下方法执行此操作：

I use the following method to do this:

var context = new PrincipalContext(ContextType.Domain, "Domain1"); return context.ValidateCredentials("John", password);

这适用于所有情况，除非用户名称为"John"，也存在于Domain1中。我如何明确指定Domain2 \ John需要进行身份验证？

This works for all cases except when a user by the name of "John" exists in Domain1 as well. How do I explicitly specify Domain2\John needs to be authenticated?

我想要传递这样的用户名：

I thought of passing the user name like this:

return context.ValidateCredentials("Domain2\John", password);

但是，在ValidateCredentials文档中明确禁止指定用户名的格式

However this format for specifying user name is explicitly forbidden in the ValidateCredentials documentation at

msdn.microsoft/en-us/library/system.directoryservices.accountmanagement.principalcontext.validatecredentials%28v=vs.110%29.aspx?f=255& ; MSPPError = -2147217396

msdn.microsoft/en-us/library/system.directoryservices.accountmanagement.principalcontext.validatecredentials%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

（虽然代码似乎有效）：

(though the code seems to work) :

=== BEGIN文档引用===

===BEGIN quote from documentation===

备注 这两个重载中的userName参数方法必须采用用户名（例如，mcampbell）而不是domain \ username或username @ domain。

Remarks The userName argument in both overloads of this method must take the form username (for example, mcampbell) rather than domain\username or username@domain.

===文档中的END引用===

===END quote from documentation===

因此，这样做的正确方法是什么？

Hence, what is the right way to do this?

推荐答案

嗨kaplingat，

Hi kaplingat,

感谢您在此发帖。

For你的问题，我很困惑你如何定义下面的上下文。使用Domain2或Domain1？

For your question, I am confused about how do you define the context below. Using the Domain2 or Domain1?

return context.ValidateCredentials("Domain2\John", password);

如果要进行跨域身份验证，请使用要进行身份验证的用户域。

If you want to do cross Domain authentication, please use the Domain of user which you want to authenticate.

通常，我们有两种方法来验证用户跨域身份验证。一个是 PrincipalContext 。另一个是 DirectoryServices 。

Normally, we have two ways to authenticate user cross Domain. One is PrincipalContext. The other is DirectoryServices.

您可以从代码项目下载源文件并参考文章。

You could download the source file from the code project and refer to the article.

www.codeproject/Articles/608447/Directory-Authentication-for-Cross-Domain-Users-in

最诚挚的问候，

Wendy