开发者

Validate against AD using email (not sAMAccountName)

开发者 https://www.devze.com 2023-02-09 22:30 出处:网络
Is there any way to authenticate against AD using the email field (and password, sure) ? I have both sAMAccountName and email set on my server but I have to validate u开发者_如何学Csing mail and not t

Is there any way to authenticate against AD using the email field (and password, sure) ? I have both sAMAccountName and email set on my server but I have to validate u开发者_如何学Csing mail and not the sAMAccountName.

I am using the following code to authenticate using sAMAccountName (it´s a Class Library, by the way...)

using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, DOMINIO))
{
      return pc.ValidateCredentials(sAMAccountName, Password);                
}


If you have a UPN (User Principal Name) set on each user and that is the same as the email address you should be able to use it straight away. The UPN is usually on the form firstname.lastname@domain. By default the domain name of the active directory is used, which often is something internal (giving e.g. UPN anders.abel@company.local). It is usually possible to register a new UPN suffix and setting the user's email address as UPN without breaking anything.

Otherwise you should be able to attach to the AD with a service account, do a search for the right user object based on the email field, retrive the sAMAccountName and logon using that.

0

精彩评论

暂无评论...
验证码 换一张
取 消