LDAP 身份验证仅适用于管理员帐户

Question

我已经为 Active Directory LDAP 用户的身份验证编写了代码。它对 AD 中的所有用户帐户进行身份验证，但我只想要管理员帐户身份验证而不是其他用户帐户（见下面的代码）。还找到连接 DNS 的域名（参考附图片）。

        try
        {
            DirectoryEntry entry = new DirectoryEntry(Domain, UserName, Password);
            object nativeObject = entry.NativeObject;
            Program.fileWrite.WriteLine(DateTime.Now + "\t Login with credentials " + UserName + " and " + Password);
            return true;
        }
        catch (DirectoryServicesCOMException e)
        {
            Program.fileWrite.WriteLine(DateTime.Now + "\t " + e.Message);
            return false;
        }

Answer 1

试试这个代码：

    public static bool ValidateCredential(string domain, string userName, string password)
    {
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        {
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
            {
                if (user == null) return false;

                using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "Domain Admins"))
                {
                    if (group == null) return false;

                    foreach (var member in group.GetMembers())
                    {
                        if (member.Sid.Equals(user.Sid))
                        {
                            return context.ValidateCredentials(userName, password);
                        }
                    }
                }
            }
        }

        return false;
    }