I have an application that needs to bind to a remote customer's Active Directory to perform authentication tasks.

    using System.DirectoryServices.AccountManagement;

    // Bind to the customer's domain with an LDAPS simple bind as a dedicated service account.
    using (var ctx = new PrincipalContext(ContextType.Domain, "customer.org", "ou=people,dc=customer,dc=org",
               ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind, "bindaccount@customer.org", "password"))
    {
        var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username); // after several seconds, throws PrincipalServerDownException
        if (user == null) return null; // user doesn't exist
        // check if the account is locked out, etc. (omitted)
        // quickly validate credentials
        if (!ctx.ValidateCredentials(username, password, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind)) return null; // bad credentials
        return user; // note: the returned principal still references ctx, which is disposed when this block exits
    }
The exception is:
PrincipalServerDownException: The server is not operational.
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetAsPrincipal(Object storeObject, Object discriminant)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
Everything had been working fine until today. One change is that the application running this code was upgraded from 4 to 4.5. I can't be sure whether the problem appeared right after the upgrade or whether that is just a coincidence.
I have been using AdFind to test binding to the customer's AD, and it seems to work fine.
Another interesting thing is that the PrincipalContext initializes fine (thereby verifying its connection to the remote store), and if I comment out the FindByIdentity call so that only ctx.ValidateCredentials is called, that also works fine.
Best answer
4.5 is actually very likely the problem. Some changes were made to "secure" UserPrincipal.FindByIdentity. They tend to break code in cross-domain and workgroup => domain scenarios.
You have at least two options:
- revert to 4.0
- use DirectoryEntry instead
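The DirectoryEntry route the answer suggests, as an added example that is neither the questioner's nor the answerer's code: it looks the account up with a DirectorySearcher bound as the service account over LDAPS (simple bind over TLS, mirroring the question's SecureSocketLayer | SimpleBind), then validates the user's own password with a second bind. The LDAPS host and OU path, the service-account name, the class name LdapAuth and the EscapeFilterValue helper are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example, not code from the question or answer. Host, OU path and
// service-account name are assumed values for illustration.
static class LdapAuth
{
    // LDAPS (port 636) so the simple bind's password never travels in the clear.
    const string LdapsRoot = "LDAP://customer.org:636/ou=people,dc=customer,dc=org"; // assumed
    const string BindUser  = "bindaccount@customer.org";                            // assumed service account

    // Look the account up as the service account. Returns its distinguishedName,
    // or null when the account does not exist or is disabled.
    public static string FindUserDn(string samAccountName, string bindPassword)
    {
        // SecureSocketLayer without Secure => simple bind over TLS; no Kerberos/NTLM
        // needed, so it also works against an untrusted (customer) domain.
        using (var root = new DirectoryEntry(LdapsRoot, BindUser, bindPassword,
                   AuthenticationTypes.SecureSocketLayer))
        using (var searcher = new DirectorySearcher(root))
        {
            // Escape the caller-supplied value so it cannot alter the filter (LDAP injection).
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            searcher.PropertiesToLoad.Add("userAccountControl");

            SearchResult result = searcher.FindOne();
            if (result == null) return null;

            // userAccountControl bit 0x2 = ACCOUNTDISABLE; treat a disabled account as absent.
            int uac = (int)result.Properties["userAccountControl"][0];
            if ((uac & 0x2) != 0) return null;

            return (string)result.Properties["distinguishedName"][0];
        }
    }

    // Validate the user's own credentials with a second simple bind over TLS.
    public static bool ValidateCredentials(string userDn, string password)
    {
        // An empty password turns a simple bind into an anonymous/unauthenticated
        // bind on many LDAP servers, which would "succeed"; reject it up front.
        if (string.IsNullOrEmpty(userDn) || string.IsNullOrEmpty(password)) return false;

        try
        {
            using (var entry = new DirectoryEntry(LdapsRoot, userDn, password,
                       AuthenticationTypes.SecureSocketLayer))
            {
                // DirectoryEntry binds lazily; reading NativeObject forces the bind.
                object bound = entry.NativeObject;
                return bound != null;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            return false; // wrong password, locked-out or expired account, etc.
        }
    }

    // RFC 4515 escaping for a value placed inside a search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Usage:
    //   string dn = LdapAuth.FindUserDn(username, servicePassword);
    //   bool ok   = dn != null && LdapAuth.ValidateCredentials(dn, password);
}
```

Two design points: the second bind uses the DN returned by the search rather than whatever the caller typed, so the credential check and the lookup refer to the same object; and only DirectoryServicesCOMException is caught, so a genuinely unreachable server (the COMException behind "The server is not operational") still propagates instead of being reported to the caller as a bad password.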
Regarding "c# - UserPrincipal.FindByIdentity throws PrincipalServerDownException", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/16173184/