基于AD的用户验证.
//ADPath 格式为 LDAP://solong.com
DirectoryEntry deUser = new DirectoryEntry(ADPath, UserName, Password, AuthenticationTypes.Secure))
try {
// The NativeObject call on the DirectoryEntry object entry is an
//attempt to bind to the object in the directory.
// Since this call forces authentication, you will get an error if the
//user does not exist.
// If the user is a valid user in the domain, the call will succeed.
Object native = deUser.NativeObject; return true;//验证成功
} catch
{
return false;//验证失败
}
资料链接:
//http://blog.youkuaiyun.com/Drate/archive/2006/04/18/667506.aspx (关于AD验证的各种代码示范)
//http://www.c-sharpcorner.com/Code/2002/Sept/ADClass.asp (ADHelper - An Active Directory Class)
//http://dev.yesky.com/msdn/25/2341025.shtml (Visual C#编写网络应用程序一般会使用到知识,包括AD)
//http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpref/html/frlrfsystemdirectoryservicesdirectoryentryclassnativeobjecttopic.asp
//http://blog.youkuaiyun.com/ycl111/archive/2004/12/29/232880.aspx (从 ASP .NET 进行 Active Directory 身份验证 的例子)
AD里的一些属性:"accountExpires", "pwdLastSet" 等,在ADSIEDIT.msc中查看类型为LargerInteger,但不能通过DirectoryEntry属性直接读出,读他人一篇blog得到解决方法。添加com引用using ActiveDs;使用ActiveDs里的类型,强制转化属性的value为IADsLargeInteger类型,在调用GetLongValue方法转为long型,下面代码拷贝自引用blog。




























































用户是否可以远程登录属性的读取方法:
引用名称空间:using TSUSEREXLib;
先将DirectoryEntry 变成基本的adsi类型,然后再定义为IADsTSUserEx类型,在调用里面的方法。
object objAD = userDEntry.NativeObject ;
int k = ((IADsTSUserEx)objAD).AllowLogon;
//Value that specifies whether to allow remote observation or remote control of the user's
//Terminal Services session. Values include: "Disable" (0), "EnableInputNotify" (1),
//"EnableInputNoNotify" (2), "EnableNoInputNotify" (3), and "EnableNoInputNoNotify" (4).