Novell.Directory.Ldap.NETStandard是一個在.NET Core中,既支持Windows平台,又支持Linux平台,進行Windows AD域操作的Nuget包。
首先我們新建一個.NET Core控制台項目:NetCoreLdap,並下載如下Nuget包:
Novell.Directory.Ldap.NETStandard
然后我們新建一個.NET Core類LDAPUtil,用來對域賬號進行驗證:
using System; using Novell.Directory.Ldap; namespace NetCoreLdap { /// <summary> /// LDAP工具類 /// </summary> public static class LDAPUtil { public static string Domain = "apac";//域名稱 public static string Host = "apac.contoso.com";//域服務器地址 public static string BaseDC = "DC=apac,DC=contoso,DC=com";//根據上面的域服務器地址,每個點拆分為一個DC,例如上面的apac.contoso.com,拆分后就是DC=apac,DC=contoso,DC=com public static int Port = 389;//域服務器端口,一般默認就是389 public static string DomainAdminUser = "admin";//域管理員賬號用戶名,如果只是驗證登錄用戶,不對域做修改,可以就是登錄用戶名 public static string DomainAdminPassword = "1qaz!QAZ";//域管理員賬號密碼,如果只是驗證登錄用戶,不對域做修改,可以就是登錄用戶的密碼 /// <summary> /// 驗證域用戶的賬號和密碼 /// </summary> /// <param name="username">域用戶的賬號</param> /// <param name="password">域用戶的密碼</param> /// <returns>true驗證成功,false驗證失敗</returns> public static bool Validate(string username, string password) { try { using (var conn = new LdapConnection()) { conn.Connect(Host, Port); conn.Bind(Domain + "\\" + DomainAdminUser, DomainAdminPassword);//這里用戶名或密碼錯誤會拋出異常LdapException var entities = conn.Search(BaseDC, LdapConnection.ScopeSub, $"sAMAccountName={username}",//注意一個多的空格都不能打,否則查不出來 new string[] { "sAMAccountName", "cn", "mail" }, false); string userDn = null; while (entities.HasMore()) { var entity = entities.Next(); var sAMAccountName = entity.GetAttribute("sAMAccountName")?.StringValue; var cn = entity.GetAttribute("cn")?.StringValue; var mail = entity.GetAttribute("mail")?.StringValue; Console.WriteLine($"User name : {sAMAccountName}");//james Console.WriteLine($"User full name : {cn}");//James, Clark [james] Console.WriteLine($"User mail address : {mail}");//james@contoso.com //If you need to Case insensitive, please modify the below code. if (sAMAccountName != null && sAMAccountName == username) { userDn = entity.Dn; break; } } if (string.IsNullOrWhiteSpace(userDn)) return false; conn.Bind(userDn, password);//這里用戶名或密碼錯誤會拋出異常LdapException // LdapAttribute passwordAttr = new LdapAttribute("userPassword", password); // var compareResult = conn.Compare(userDn, passwordAttr); conn.Disconnect(); return true; } } catch (LdapException ldapEx) { string message = ldapEx.Message; return false; } catch (Exception) { return false; } } } }
然后在.NET Core控制台項目的Main方法中調用LDAPUtil.Validate方法,來驗證一個AD賬戶:
using System; namespace NetCoreLdap { class Program { static void Main(string[] args) { string username = "james"; string password = "2wsx@WSX"; var loginFlag = LDAPUtil.Validate(username, password); if(loginFlag) { Console.WriteLine("User validate successfully!"); } else { Console.WriteLine("User validate unsuccessfully!"); } Console.ReadLine(); } } }