UserPrincipal.FindByIdentity() 总是返回 null

UserPrincipal.FindByIdentity() always returns null(UserPrincipal.FindByIdentity() 总是返回 null)
本文介绍了UserPrincipal.FindByIdentity() 总是返回 null的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我正在使用 LdapAuthentication 将用户登录到 Active Directory.我想找到用户所属的所有组.我正在使用以下代码:

I am using LdapAuthentication to log a user into Active Directory. I want to find all the groups that the user belongs to. I am using the following code:

string adPath = "LDAP://OU=HR Controlled Users,OU=All Users,DC=myDomain,DC=local";
LdapAuthentication adAuth = new LdapAuthentication(adPath);
try
{
    if (true == adAuth.IsAuthenticated("myDomain", txtLoginEmail.Text, txtLoginPassword.Text))
    {
        string email = txtLoginEmail.Text;

        using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
        {
            UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, email);
            foreach (var group in user.GetGroups())
            {
                Console.WriteLine(group.Name);
            }
        }
    }
}
catch(Exception e) { /* Handle Error */ }

我的问题是,当我调用 UserPrincipal.FindByIdentity() 时,我总是得到一个空值,即使用户身份验证按预期工作.

My problem is that when I call UserPrincipal.FindByIdentity() I always get a null value, even though the user authentication works as intended.

为什么会这样?代码或我的方法有问题吗?这是在 ASP.NET 4.0 WebForms 应用程序中运行的.

Why is this happening? Is there a problem with the code or with my approach? This is running inside an ASP.NET 4.0 WebForms application.

更新:

显然我一直在使用错误的 IdentityType (cn).我在调试中检查,帐户名称是UserA".

Apparently I have been using the wrong IdentityType (cn). I checked in debug and the name of the account is "UserA".

所以我尝试手动使用以下代码:

So I tried using the following code manually:

UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, "UserA");

但我仍然为空.

更新 2(已解决):

这个问题有两个方面.我需要在声明 PrincipalContext 时指定域控制器的名称.

The issue was two fold. I needed to specify the name of my domain controller when declaring the PrincipalContext.

using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "myDomain"))
{
   // code here...
}

然后,在搜索UserPrincipal 时,我使用了错误的IdentityType;我正在使用 IdentityType.Name - 这是帐户名称 - 而不是 IdentityType.SamAccountName - 这是用户名进行搜索.

Then, when searching for the UserPrincipal I was using the wrong IdentityType; I was searching with IdentityType.Name - which is the name of the account - instead of IdentityType.SamAccountName - which is the username.

UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, email);

问题已解决.

推荐答案

通过使用 IdentityType.Name,您告诉它您传递的值是帐户的名称(即是 cn 属性).如果要按用户名(sAMAccountName 属性)进行匹配,则需要传递 IdentityType.SamAccountName.

By using IdentityType.Name, you're telling it that the value you're passing is the name of the account (which is the cn attribute). If you want to match by username (the sAMAccountName atrribute), you'll need to pass IdentityType.SamAccountName.

旧答案:但是您似乎将电子邮件地址发送给它.所以这确实永远不会返回任何东西.

Old answer: But you seem to be sending it the email address. So that will indeed always return nothing.

AD 不认为电子邮件地址是唯一标识符,因此您不能将 FindByIdentity 与电子邮件地址一起使用.

AD does not consider an email address to be a unique identifier, so you cannot use FindByIdentity with an email address.

这是一个关于如何通过电子邮件地址搜索的示例:http://doogalbellend.blogspot.ca/2012/03/finding-userprincipal-for-email-address.html

Here is an example on how to search by email address: http://doogalbellend.blogspot.ca/2012/03/finding-userprincipal-for-email-address.html

这篇关于UserPrincipal.FindByIdentity() 总是返回 null的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

What#39;s the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?(从 WindowsIdentity 和 Thread.CurrentPrincipal 检索 WindowsPrincipal 之间有什么区别?)
How do I find a user#39;s Active Directory display name in a C# web application?(如何在 C# Web 应用程序中查找用户的 Active Directory 显示名称?)
How can I authenticate against Active Directory in Nancy?(如何在 Nancy 中对 Active Directory 进行身份验证?)
How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
Oauth 2 token for Active Directory accounts(Active Directory 帐户的 Oauth 2 令牌)
Working with DirectoryServices in ASP.NET Core(在 ASP.NET Core 中使用 DirectoryServices)