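After a successful login with Windows integrated authentication, I need to get the logged-in user's personal information from Active Directory, such as mail, telephoneNumber, mobile and so on. Because the user name and password were already entered during the integrated login, I don't want to enter them again when connecting to Active Directory.
Under Windows integrated authentication, the logged-in user's password cannot be retrieved. That is why I use CredentialCache.DefaultCredentials.
However, when debugging on localhost I can get the local domain user's information, but when the site is accessed by IP it throws an error. I have read many articles online and have not found a solution. Has anyone managed to solve this problem?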
Any advice would be much appreciated!

using System;
using System.Net;
using System.DirectoryServices.Protocols;

public void getUserInfo(string ad_server, string domain, string user_name)
{
    try
    {
        LdapDirectoryIdentifier ldapi = new LdapDirectoryIdentifier(ad_server);
        NetworkCredential nc = (NetworkCredential)CredentialCache.DefaultCredentials;
        // If the approach below is used with the correct user password set, the detailed AD
        // information for user_name can be retrieved. But passing the
        // CredentialCache.DefaultCredentials credential fails!
        NetworkCredential nc2 = new NetworkCredential(user_name, "", domain);

        LdapConnection ldapconn = new LdapConnection(ldapi, nc, AuthType.Ntlm);
        ldapconn.Bind();

        // search
        string filter = "(SAMAccountName=" + user_name + ")";
        // Convert the domain name into a search base, e.g. "DC=test,DC=csdn,DC=net"
        string search_base = string.Empty;
        foreach (string dc in domain.Split('.'))
        {
            search_base = search_base + ",DC=" + dc;
        }
        search_base = search_base.Substring(1);
        SearchRequest srequest = new SearchRequest(search_base, filter, System.DirectoryServices.Protocols.SearchScope.Subtree);
        logger.Info("base: " + srequest.DistinguishedName);
        logger.Info("filter: " + srequest.Filter);
        SearchResponse sresponse = (SearchResponse)ldapconn.SendRequest(srequest);

        if (sresponse.Entries.Count > 0)
        {
            SearchResultEntry entry = sresponse.Entries[0];
            // userPrincipalName (keep only the part before '@')
            _loginUser = getAttribute(entry.Attributes["userPrincipalName"]);
            _loginUser = !_loginUser.Equals("") ? _loginUser.Substring(0, _loginUser.IndexOf('@')) : "";
            // givenName
            _firstName = getAttribute(entry.Attributes["givenName"]);
            // sn
            _lastName = getAttribute(entry.Attributes["sn"]);
            // telephoneNumber
            _telephone = getAttribute(entry.Attributes["telephoneNumber"]);
            // mobile
            _mobile = getAttribute(entry.Attributes["mobile"]);
            // mail
            _mail = getAttribute(entry.Attributes["mail"]);
        }
    }
    catch (Exception ex)
    {
        logger.Error(ex.Message);
        logger.Error(ex.StackTrace);
        // Rethrow without resetting the original stack trace
        throw;
    }
}
http://topic.csdn.net/t/20030724/17/2068088.html
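I have also sent friend requests to the original poster and to laucer. I hope that anyone who knows the answer to this question can point me in the right direction.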
<authentication mode="Windows"/>
<identity impersonate="true"/>
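ad_server: the IP of the Active Directory server, for example: 202.22.22.33
domain: the domain name, for example: test.csdn.net
username: the domain user name
The three parameters of the SearchRequest class:
search_base: the string obtained by converting domain, e.g. "DC=test,DC=csdn,DC=net"
filter: the filter, e.g. "(SAMAccountName=test0001"
SearchScope: the search scope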
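I ran into this problem too, while working with Exchange.
The credentials cannot be obtained.
With localhost there is no problem.
After switching to the IP it reports an error: no credentials were obtained!
OP, if you find out the answer, please tell me too. Thanks!
My QQ: 471278829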