使用C#对网域账号(Domain)验证方案:
一、使用advapi32.dll动态库
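// Win32 logon helpers. The token written to phToken is a kernel handle that MUST be
// released with CloseHandle; leaving it open keeps a logon session alive in LSASS for
// every call, which is the memory growth the note below describes.
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr hObject);

const int LOGON32_LOGON_INTERACTIVE = 2; // interactive logon type (requires the "log on locally" right); not the network logon type
const int LOGON32_PROVIDER_DEFAULT = 0;  // let Windows pick the standard logon provider

/// <summary>
/// Checks a domain account's credentials by performing a Win32 logon with LogonUser.
/// </summary>
/// <param name="account">User name (sAMAccountName) without a domain prefix.</param>
/// <param name="password">Password handed to LogonUser as-is.</param>
/// <param name="domainName">Domain to authenticate against; defaults to the value the original code hard-coded.</param>
/// <returns>true when LogonUser succeeds, otherwise false. Marshal.GetLastWin32Error() is not consumed here, so callers may inspect it.</returns>
public static bool CheckADAccount(string account, string password, string domainName = "dpbg")
{
    IntPtr tokenHandle = IntPtr.Zero;
    bool loggedOn = LogonUser(account, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
    // The token is never used, but it still has to be closed or the logon session leaks.
    if (tokenHandle != IntPtr.Zero)
    {
        CloseHandle(tokenHandle);
    }
    return loggedOn;
}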
注意：使用该动态库可能会导致 Local Security Authority Process 服务内存异常升高且无法回收。
二、使用 System.DirectoryServices
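/// <summary>
/// Validates a domain account by binding to LDAP with the supplied credentials and
/// looking the user up by sAMAccountName.
/// </summary>
/// <param name="account">sAMAccountName to validate; also used as the bind user.</param>
/// <param name="password">Password used for the LDAP bind.</param>
/// <param name="domain">Domain or server name appended to "LDAP://".</param>
/// <param name="name">Receives the user's "cn" attribute on success, otherwise an empty string.</param>
/// <returns>true when the bind succeeds and the account is found; false for bad credentials,
/// a missing account, or any directory error (exceptions are not propagated).</returns>
public static bool CheckADAccountNew(string account, string password, string domain, out string name)
{
    name = "";
    // An empty password can be accepted by LDAP servers as an anonymous/unauthenticated bind,
    // which would report "valid" without checking anything; reject it up front.
    if (string.IsNullOrEmpty(account) || string.IsNullOrEmpty(password))
    {
        return false;
    }
    // The account is caller-supplied, so it is escaped before being spliced into the filter
    // (RFC 4515); otherwise characters such as '*', '(' or ')' change the query.
    string filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + EscapeLdapFilterValue(account) + "))";
    using (DirectoryEntry deUser = new DirectoryEntry(@"LDAP://" + domain, account, password))
    using (DirectorySearcher src = new DirectorySearcher(deUser))
    {
        src.Filter = filter;
        src.PropertiesToLoad.Add("cn");
        src.SearchRoot = deUser;
        src.SearchScope = SearchScope.Subtree;
        try
        {
            // The bind, and therefore the credential check, happens here rather than in the constructor.
            SearchResult result = src.FindOne();
            if (result == null)
            {
                return false;
            }
            // A missing attribute can come back as an empty collection rather than null,
            // so check Count before indexing.
            if (result.Properties.Contains("cn") && result.Properties["cn"].Count > 0)
            {
                name = result.Properties["cn"][0].ToString();
            }
            return true;
        }
        catch
        {
            // Bad credentials surface as an exception from FindOne; every failure is
            // reported to the caller as "not authenticated" rather than thrown.
            return false;
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
/// </summary>
/// <param name="value">Raw attribute value; null or empty is returned as an empty string.</param>
/// <returns>The value with filter metacharacters replaced by their \XX escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return "";
    }
    // Backslash is replaced first so the escapes introduced below are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}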
注意：如果域内账号较多，验证不存在的账号会较慢，且不会验证密码的有效期。
三、使用System.DirectoryServices.AccountManagement
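/// <summary>
/// Validates a domain account with <see cref="PrincipalContext.ValidateCredentials(string, string)"/>
/// and, only once the password has been accepted, resolves the user's display name.
/// </summary>
/// <param name="account">sAMAccountName to validate.</param>
/// <param name="password">Password to check.</param>
/// <param name="domain">Domain name used to build the <see cref="PrincipalContext"/>.</param>
/// <param name="name">Receives the user's Name when validation succeeds; otherwise an empty string.</param>
/// <returns>true when the credentials are valid and the user can be found, otherwise false.</returns>
public static bool CheckADAccountNew(string account, string password, string domain, out string name)
{
    name = "";
    // Guard against an empty password being treated as an anonymous bind and reported as valid.
    if (string.IsNullOrEmpty(account) || string.IsNullOrEmpty(password))
    {
        return false;
    }
    using (var domainContext = new PrincipalContext(ContextType.Domain, domain))
    {
        // Check the password before looking the user up: resolving the name first handed the
        // account's display name back to the caller even when the password was wrong.
        if (!domainContext.ValidateCredentials(account, password))
        {
            return false;
        }
        using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, account))
        {
            if (foundUser == null)
            {
                return false;
            }
            name = foundUser.Name;
            return true;
        }
    }
}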
注意：该方法不会验证密码的有效期。