使用C#对网域账号(Domain)验证方案:
一、使用advapi32.dll动态库
[DllImport("advapi32.dll")]
private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
const int LOGON32_LOGON_INTERACTIVE = 2; //通过网络验证账户合法性
const int LOGON32_PROVIDER_DEFAULT = 0; //使用默认的Windows 2000/NT NTLM验证方public static bool CheckADAccount(string account, string password)
{IntPtr tokenHandle = new IntPtr(0);tokenHandle = IntPtr.Zero;string domainName = "dpbg";if (LogonUser(account, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle))return true;return false;
}
注意使用该动态库可能会导致 服务Local Security Authority Process 内存异常升高且无法回收现象
二、使用 System.DirectoryServices
/// <summary>
/// 验证网域账号
/// </summary>
/// <param name="account">账号</param>
/// <param name="password">密码</param>
/// <param name="domain">网域</param>
/// <param name="name">姓名</param>
/// <returns></returns>
public static bool CheckADAccountNew(string account, string password, string domain, out string name)
{name = "";using (DirectoryEntry deUser = new DirectoryEntry(@"LDAP://" + domain, account, password)){DirectorySearcher src = new DirectorySearcher(deUser);src.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + account + "))";src.PropertiesToLoad.Add("cn");src.SearchRoot = deUser;src.SearchScope = SearchScope.Subtree;try{SearchResult result = src.FindOne();if (result != null)//验证成功{if (result.Properties["cn"] != null)//依据实际属性获取用户信息{name = result.Properties["cn"][0].ToString();}return true;}return false;}catch{return false;}}
}
注意如果域内账号较多时,验证不存在的账号速度较慢且不会验证密码的有效期
三、使用System.DirectoryServices.AccountManagement
/// <summary>
/// 验证网域账号
/// </summary>
/// <param name="account">账号</param>
/// <param name="password">密码</param>
/// <param name="domain">网域</param>
/// <param name="name">姓名</param>
/// <returns></returns>
public static bool CheckADAccountNew(string account, string password, string domain, out string name)
{name = "";using (var domainContext = new PrincipalContext(ContextType.Domain, domain)){using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, account)){if (foundUser == null){return false;}name = foundUser.Name;if (domainContext.ValidateCredentials(account, password)){return true;}else{return false;}}}
}
注意该方法不会验证密码的有效期