Thursday 15 August 2013

c# - Authenticate user in Global Catalog


I need to authenticate a user's Windows credentials, given a user ID, domain and password, in our Active Directory. There are several domains, some of which we can list using the following code:

  var domains = System.DirectoryServices.ActiveDirectory.Forest.GetCurrentForest().Domains;

However, we have users who belong to domains outside the forest, although they are accessible to me from the Global Catalog (GC). The code below allows me to get a directory entry for a user ID:

  System.DirectoryServices.DirectoryEntry globalCatalogDE = new System.DirectoryServices.DirectoryEntry("GC://DC=NSRO,DC=Net");
  var ds = new System.DirectoryServices.DirectorySearcher(globalCatalogDE);
  // userId is concatenated into the filter unescaped; escape LDAP filter metacharacters (RFC 4515) first.
  ds.Filter = "(&(objectClass=user)(sAMAccountName=" + userId + "))";
  System.DirectoryServices.DirectoryEntry userDE = ds.FindAll()[0].GetDirectoryEntry();

How can I authenticate a user who belongs to a domain that I cannot access directly but who is available to me in the GC?

You cannot authenticate a user by looking them up in the global catalog; it is only for searching (any attribute marked with isMemberOfPartialAttributeSet in the schema is replicated to the GC for each domain).

Passwords are not replicated to it; otherwise you would have the passwords of all users in the entire forest on every domain controller, which would be very bad from a security and replication standpoint. You must establish a connection to the domain where the user's credentials are stored (i.e. you need access to LDAP port 389 or 636).
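
The split the answer describes, as an added example that is not part of the original post: the GC is used only to locate the user, and the credential check is an LDAPS bind to the user's home domain. `HomeDomainAuth` and its method names are hypothetical; the sketch assumes the home domain's DNS name resolves to a domain controller reachable on port 636 with a certificate this host trusts.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.Protocols;

static class HomeDomainAuth   // hypothetical helper, not from the post
{
    // RFC 4515 escaping so userId cannot rewrite the search filter.
    static string EscapeFilter(string s)
    {
        var sb = new System.Text.StringBuilder();
        foreach (char c in s)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // The trailing DC= components of a DN give the home domain's DNS name.
    static string DomainFromDn(string dn)
    {
        var labels = new List<string>();
        string[] parts = dn.Split(',');
        for (int i = parts.Length - 1; i >= 0 && parts[i].Trim().StartsWith("DC=", StringComparison.OrdinalIgnoreCase); i--)
            labels.Insert(0, parts[i].Trim().Substring(3));
        return string.Join(".", labels);
    }

    public static bool Authenticate(string gcPath, string userId, string password)
    {
        // An empty password turns a simple bind into an unauthenticated bind that "succeeds".
        if (string.IsNullOrEmpty(password)) return false;
        string dn;
        using (var gc = new DirectoryEntry(gcPath))
        using (var ds = new DirectorySearcher(gc))
        {
            ds.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(userId) + "))";
            using (SearchResultCollection hits = ds.FindAll())
            {
                if (hits.Count != 1) return false;   // sAMAccountName is unique per domain only
                dn = (string)hits[0].Properties["distinguishedName"][0];
            }
        }
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(DomainFromDn(dn), 636)))
        {
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = AuthType.Basic;   // simple bind sends the password, so TLS is mandatory
            conn.Credential = new System.Net.NetworkCredential(dn, password);
            try { conn.Bind(); return true; }
            catch (LdapException e) when (e.ErrorCode == 49) { return false; }   // invalidCredentials
        }
    }
}
```

Any `LdapException` other than error 49 (server unreachable, certificate failure) propagates to the caller, so an outage is never reported as a wrong password.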

