Chr*_*ris 4 ldap active-directory
我正在构建一个允许用户使用其Active Directory帐户登录的网站,我想告知用户他们的登录失败的原因.
登录通常会因错误的用户名/密码而失败,但由于过期密码或其帐户被锁定,它们也可能会失败.
我正在使用此代码执行登录:
public myCustomUserClass Login(string domainName, string username, string password)
{
string domainAndUsername = domainName + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(this._ldapPath, domainAndUsername, password);
myCustomUserClass user = new myCustomUserClass();
//Bind to the native AdsObject to force authentication.
try
{
object obj = entry.NativeObject;
// ...
return user;
}
catch (DirectoryServicesCOMException ex)
{
// why did the login fail?
}
catch (Exception ex)
{
// something else went wrong
}
}
当我收到a时DirectoryServicesCOMException,我可以访问有关该.ExtendedErrorMessage属性中失败的登录尝试的更多信息.到目前为止我看到的两个值是:
闭锁:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 775, v1db1
坏用户名:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
你可以看到data"属性"似乎是独一无二的.我可以编写提取它的代码,然后根据此编写一个开关.
我可以用任何地方列出这些代码,以确保我覆盖所有内容吗?
经过一天搜索微软资源后DirectoryServicesCOMException.ExtendedErrorMessage,我发现了一个措辞不同的问题:
:[LDAP:错误代码49 - 80090308:LdapErr:DSID-0C0903A9,注释:AcceptSecurityContext错误,数据773,v1db1]
它引用了此处的网站,其中包含以下几个代码:
http://www-01.ibm.com/support/docview.wss?uid=swg21290631
以下是错误代码列表:
525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
531 - not permitted to logon at this workstation
532 - password expired
533 - account disabled
534 - The user has not been granted the requested logon type at this machine
701 - account expired
773 - user must reset password
775 - user account locked
| 归档时间: |
|
| 查看次数: |
3980 次 |
| 最近记录: |