问题
I'm validating users in an Active Directory store as follows:
// using System.DirectoryServices.AccountManagement;
// located in System.DirectoryServices.AccountManagement.dll
using (var context = new PrincipalContext(ContextType.Domain, server, container,
ContextOptions.Negotiate, validateUsername, validatePassword))
{
var valid = context.ValidateCredentials(validateUsername, validatePassword);
if (valid)
{
Console.WriteLine("SUCCESS!");
using (var userContext = UserPrincipal.FindByIdentity(context,
IdentityType.SamAccountName, validateUsername))
{
Console.WriteLine("LastLogon = " + userContext.LastLogon);
}
}
else
Console.WriteLine("FAILED!");
}
The validation is successful, but the lastLogon value is never changed. It's essential that this value is changed when we authenticate a user in code due to other software using this value. I know ActiveDirectoryMembershipProvider authentication changes this property, so I'm wondering if there's a way I can use PrincipalContext (to reuse AD connections) but perform this validation to change the lastLogon value.
回答1:
Use lastLogonTimestamp. This is the field that gets updated in AD when you're attempting to connect via a PrincipalContext object.
来源:https://stackoverflow.com/questions/16606368/principalcontext-validatecredentials-doesnt-set-lastlogon-date-for-user