
由网友(看透)分享简介:我创建了一个小型应用程序,它尝试验证基于他们的用户名和密码的用户。在Active Directory所驻留在同一域中运行时,此应用程序工作正常。I've created a small application which attempts to authenticate a user based on their u...

我创建了一个小型应用程序,它尝试验证基于他们的用户名和密码的用户。在Active Directory所驻留在同一域中运行时,此应用程序工作正常。

I've created a small application which attempts to authenticate a user based on their username and password. This application works correctly when run on the same domain which Active Directory resides on.

我现在必须扩展应用程序也可以用在结构域在安全性和权限方面的封闭。换句话说,有没有办法来运行基于管理员帐户的应用程序,或具有必要的权限来访问Active Directory的帐户?

I must now extend the application to also work on domains which are "closed" in terms of security and permissions. In other words, is there a way to run the application based on an administrator account, or an account which has the necessary permissions to access the Active Directory?


This is the code I have used to authenticate a user:

using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, server + ":" + port))
       if (pc.ValidateCredentials(username, password))
              valid = true;
              valid = false;

以上code完美的作品,但我想改变它,以便它可以在通过身份验证的方式与Active Directory数据库进行通信。

The above code works perfectly, however I would like to modify it so that it can communicate with the Active Directory database in an authenticated manner.


I have read numerous documentation and resources, but have not found anything. The closes I found was an article mentioning that IIS has to be set up and configured in a specific manner. However, my application is a simple C# application, and IIS is not being used.


如果我理解这个问题正确,你想要 ValidateCredentials 使用不同的用户比当前进程执行用户。

If I understand the question properly, you want to execute ValidateCredentials using a different user than the current process' user.


I may be missing something, but have you tried modifying your code this way?

using (PrincipalContext pc = 
        new PrincipalContext(ContextType.Domain, 
                             server + ":" + port, 
       return pc.ValidateCredentials(username, password);


It simply uses a constructor that takes the special account you are using for accessing the domain.


