我正在使用LdapAuthentication将用户登录到Active Directory.我想找到用户所属的所有组.我正在使用以下代码:
I am using LdapAuthentication to log a user into Active Directory. I want to find all the groups that the user belongs to. I am using the following code:
string adPath = "LDAP://OU=HR Controlled Users,OU=All Users,DC=myDomain,DC=local"; LdapAuthentication adAuth = new LdapAuthentication(adPath); try { if (true == adAuth.IsAuthenticated("myDomain", txtLoginEmail.Text, txtLoginPassword.Text)) { string email = txtLoginEmail.Text; using (PrincipalContext context = new PrincipalContext(ContextType.Domain)) { UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, email); foreach (var group in user.GetGroups()) { Console.WriteLine(group.Name); } } } } catch(Exception e) { /* Handle Error */ }我的问题是,即使用户身份验证按预期工作,当我调用UserPrincipal.FindByIdentity()时,我始终会得到一个空值.
My problem is that when I call UserPrincipal.FindByIdentity() I always get a null value, even though the user authentication works as intended.
为什么会这样?代码或我的方法是否有问题?它在ASP.NET 4.0 WebForms应用程序中运行.
Why is this happening? Is there a problem with the code or with my approach? This is running inside an ASP.NET 4.0 WebForms application.
更新:
显然我使用的是错误的IdentityType(cn).我签入了调试程序,该帐户的名称为"UserA".
Apparently I have been using the wrong IdentityType (cn). I checked in debug and the name of the account is "UserA".
所以我尝试手动使用以下代码:
So I tried using the following code manually:
UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, "UserA");但是我还是空了.
更新2(已解决):
这个问题有两个方面.声明PrincipalContext时,我需要指定域控制器的名称.
The issue was two fold. I needed to specify the name of my domain controller when declaring the PrincipalContext.
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "myDomain")) { // code here... }然后,当搜索UserPrincipal时,我使用的是错误的IdentityType;我正在使用IdentityType.Name-这是帐户名称-而不是IdentityType.SamAccountName-这是用户名进行搜索.
Then, when searching for the UserPrincipal I was using the wrong IdentityType; I was searching with IdentityType.Name - which is the name of the account - instead of IdentityType.SamAccountName - which is the username.
UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, email);问题解决了.
推荐答案通过使用IdentityType.Name,您告诉它要传递的值是帐户的名称(即cn属性) .如果要按用户名(sAMAccountName属性)进行匹配,则需要传递IdentityType.SamAccountName.
By using IdentityType.Name, you're telling it that the value you're passing is the name of the account (which is the cn attribute). If you want to match by username (the sAMAccountName atrribute), you'll need to pass IdentityType.SamAccountName.
旧答案: 但是您似乎正在向其发送电子邮件地址.因此,那的确将一无所获.
Old answer: But you seem to be sending it the email address. So that will indeed always return nothing.
AD不会将电子邮件地址视为唯一标识符,因此不能将FindByIdentity与电子邮件地址一起使用.
AD does not consider an email address to be a unique identifier, so you cannot use FindByIdentity with an email address.
以下是有关如何通过电子邮件地址进行搜索的示例: doogalbellend.blogspot.ca/2012/03/finding-userprincipal-for-email-address.html
Here is an example on how to search by email address: doogalbellend.blogspot.ca/2012/03/finding-userprincipal-for-email-address.html
更多推荐
UserPrincipal.FindByIdentity()始终返回null
发布评论