问题描述

过去几个小时我一直被一个烦人的 Active Directory 问题困扰.

I've been stuck for the last couple of hours on an annoying Active Directory bit.

我想要完成的是通过 SSL 上的 LDAP 连接到 Active Directory.身份验证类型是匿名的.我使用的是 .NET Framework 4.0、C# 和 Visual Studio 2010.

What I'm trying to accomplish is connect to an Active Directory via LDAP over SSL. The authentication type is anonymous. I'm using .NET Framework 4.0, C# and Visual Studio 2010.

以下代码应根据各种在线资源工作.但它不断出现惊人的不言自明的:未知错误 (0x80005000)".

The following code should work according to various online resources. But it keeps coming up with the amazing self-explanatory: 'Unknown Error (0x80005000)'.

DirectoryEntry entry = new DirectoryEntry();
entry.Path = "LDAPS://some.ldap.server:636";
entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

DirectorySearcher searcher = new DirectorySearcher();
searcher.searchRoot = entry;
searcher.Filter = "(&(objectCategory=person)(objectClass=user))";

SearchResultCollection results = searcher.FindAll();

我已将要执行的实际查询简化为您在代码中找到的查询.但即使使用这个通用查询(它应该在每个 AD 上返回工作?)它也会返回错误.

I've simplified the actual query I want to perform to the one you find in the code. But even with this generic query (it should return work on every AD?) it returns the error.

推荐答案

终于！

似乎 ASP.NET 应用程序没有权限(或不知道如何)在机器级别检查受信任的证书存储.由于证书是自签名的，ASP.NET 应用程序拒绝建立连接.

It seems that an ASP.NET application does not have the rights (or doesn't know how) to examine the trusted certificate store at machine level. Since the certificate was self-signed the ASP.NET application refused to establish a connection.

我使用自定义证书验证解决了这个问题.以下代码发挥了作用:

I fixed the problem using custom certificate validation. The following code did the trick:

LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("server", port));
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
con.Credential = new NetworkCredential(String.Empty, String.Empty);
con.AuthType = AuthType.Basic;
con.Bind();

由于我确定证书有效，ServerCallBack 方法如下所示:

Since I am sure the certificate is valid, the ServerCallBack method looks like this:

public static bool ServerCallBack(LdapConnection connection, X509Certificate certificate)
{
    return true;
}

但您当然可以随时从本地计算机检索证书并对其进行验证.

But you can always of course retrieve the certificate from the local machine and validate it.

本例中使用的命名空间是:

The namespace used in this example is:

System.DirectoryServices.Protocols;

这是因为命名空间:

System.DirectoryServices.DirectoryEntry

不包含自定义证书验证方法.

does not contain a method for custom certificate validation.

感谢大家的帮助和时间，希望这会在未来对某人有所帮助！

这篇关于LDAPS 连接出现未知错误 (0x80005000)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！