1

I am using the AD membership provider to validate usernames, but I am having trouble getting anything other than user@upnDomain.com to work.

Is it possible to get other username formats to work?

Code

        MembershipProvider domainProvider;
        domainProvider = Membership.Providers["MyADMembershipProvider"];

        if (domainProvider.ValidateUser("zzTest123", "pass"))
        {

        }
        if (domainProvider.ValidateUser(@"PARTNERSGROUP\zzTest123", "pass"))
        {

        }
        if (domainProvider.ValidateUser("zzTest123@company.com", "pass"))
        {

        }
        if (domainProvider.ValidateUser("zzTest123@testfirm.com", "pass"))
        {
          // this is the UPN and the only one that works.
        }

Web.config

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" name=".ADAuthCookie" timeout="10" />
    </authentication>

    <membership>
      <providers>
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="TestDomain1ConnectionString" />
      </providers>
    </membership>

1 Answer

0

Based on my testing the Membership provider only works with the UPN. To implement support for other types, override ActiveDirectoryMembershipProvider's ValidateUser function and add some variation of the following:

    // Requires: using System; using System.DirectoryServices;
    // Will validate UPN, shortname only, or domain prefixed (domain\user)
    public bool IsAuthenticated(string usr, string pwd)
    {
        bool authenticated = false;
        DirectorySearcher dseSearcher = null;
        DirectoryEntry entry = null;
        try
        {
            dseSearcher = new DirectorySearcher();
            string rootDSE = dseSearcher.SearchRoot.Path;
            entry = new DirectoryEntry(rootDSE, usr, pwd);
            // Reading NativeObject forces the bind with the supplied credentials
            object nativeObject = entry.NativeObject;
            authenticated = true;
        }
        catch (DirectoryServicesCOMException cex)
        {
            //not authenticated; reason why is in cex
        }
        catch (Exception ex)
        {
            //not authenticated due to some other exception [this is optional]
        }
        finally
        {
            // Either object may still be null if its constructor threw
            if (dseSearcher != null) dseSearcher.Dispose();
            if (entry != null) entry.Dispose();
        }
        return authenticated;
    }

Be aware that the System.DirectoryServices.AccountManagement namespace will only validate the shortname and the UPN, but doesn't appear to validate DOMAIN\Username accounts.

The following code will throw an exception if a username is passed in DOMAIN\Username format

"LdapException: A local error occurred."

    var ctx = new PrincipalContext(ContextType.Domain);
    if (ctx.ValidateCredentials(username, password, ContextOptions.Negotiate))
    {

    }
answered 2012-08-02T00:12:34.853
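The override the answer describes could be wired in as below. This is an added example, not code from the question or the answer: the class name `MultiFormatADMembershipProvider` and the helper `BindSucceeds` are hypothetical, and it assumes a domain-joined web server, the provider's UPN behaviour reported on this page, and that the `type` attribute in Web.config is changed to point at this class.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Web.Security;

// Hypothetical subclass; not part of the original post.
public class MultiFormatADMembershipProvider : ActiveDirectoryMembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
        // Fail closed on blank input. An LDAP simple bind with an empty password
        // is an unauthenticated bind (RFC 4513) that some servers accept, so an
        // empty password must never be allowed to reach the directory.
        if (username == null || username.Trim().Length == 0 || string.IsNullOrEmpty(password))
            return false;

        username = username.Trim();

        // UPN form (user@domain): the stock provider already handles this.
        if (username.IndexOf('@') > 0 && username.IndexOf('\\') < 0)
            return base.ValidateUser(username, password);

        // Short name or DOMAIN\user: fall back to a directory bind.
        return BindSucceeds(username, password);
    }

    private static bool BindSucceeds(string username, string password)
    {
        try
        {
            using (DirectorySearcher searcher = new DirectorySearcher())
            using (DirectoryEntry entry = new DirectoryEntry(
                searcher.SearchRoot.Path, username, password, AuthenticationTypes.Secure))
            {
                object native = entry.NativeObject; // forces the bind
                return native != null;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            return false; // rejected by the directory (bad credentials, locked account)
        }
        catch (COMException)
        {
            return false; // directory unreachable or other bind failure: deny login
        }
    }
}
```

Both catch blocks deny the login rather than rethrow, so a directory outage cannot turn into an accepted sign-in; log the exception there if failed binds need to be monitored.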