If you're using .net 3.5 use this code instead.

如果您使用 .net 3.5，请改用此代码。

To authenticate a user:

要验证用户：

PrincipalContext adContext = new PrincipalContext(ContextType.Domain);

using (adContext)
{
     return adContext.ValidateCredentials(UserName, Password);
}

If you need to find the user to R/W attributes to the object do this:

如果您需要查找对象的 R/W 属性，请执行以下操作：

PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal foundUser = 
    UserPrincipal.FindByIdentity(context, "jdoe");

This is using the System.DirectoryServices.AccountManagement namespace so you'll need to add it to your using statements.

这是使用 System.DirectoryServices.AccountManagement 命名空间，因此您需要将其添加到 using 语句中。

If you need to convert a UserPrincipal object to a DirectoryEntry object to work with legacy code you can do this:

如果您需要将 UserPrincipal 对象转换为 DirectoryEntry 对象以使用遗留代码，您可以执行以下操作：

DirectoryEntry userDE = (DirectoryEntry)foundUser.GetUnderlyingObject();

Does binding to LDAP require elevated privs (UAC)? You could try running Visual Studio and/or the app as Administrator and see if that helps. If that's the problem you could always add a manifest to the application and set it to require elevation, that way it will prompt when a user runs it.

绑定到 LDAP 是否需要提升权限 (UAC)？您可以尝试以管理员身份运行 Visual Studio 和/或应用程序，看看是否有帮助。如果这是问题，您可以随时向应用程序添加清单并将其设置为需要提升，这样它就会在用户运行时提示。

Not sure why it would require elevated privs, but it's worth a shot.

不知道为什么它需要提升权限，但值得一试。

I figured it out anyhow If you pass in the domain with the username on vista it does not work like "domain\user" so just passing "user" instead seems to work okay - except you have to be on the same domain

无论如何我想通了如果你在vista上使用用户名传入域，它不像“域\用户”那样工作，所以只传递“用户”似乎可以正常工作 - 除非你必须在同一个域中

I found that same code floating around the Internet on multiple websites and it didn't work for me. Steve Evans is probably right that if you're on .NET 3.5, you should not use this code. But if you ARE still on .NET 2.0 you can try this to Authenticate to your AD services:

我发现相同的代码在多个网站上漂浮在互联网上，但对我不起作用。Steve Evans 可能是对的，如果您使用的是 .NET 3.5，则不应使用此代码。但是，如果您仍在使用 .NET 2.0，您可以尝试使用以下方法对您的 AD 服务进行身份验证：

DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, 
   userName, password, 
   AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer);
object nativeObject = entry.NativeObject;

The first line creates a DirectoryEntry object using domain, username, and password. It also sets the AuthenticationTypes. Notice how I'm setting both Secure (Kerberos) Authentication and SSL using the "Bitwise OR" ( '|' ) operator between the two parameters.

第一行使用域、用户名和密码创建一个 DirectoryEntry 对象。它还设置 AuthenticationTypes。请注意我如何在两个参数之间使用“按位或”( '|' ) 运算符设置安全 (Kerberos) 身份验证和 SSL。

The second line forces the NativeObject of "entry" to Bind to the AD services using the information from the first line.

第二行使用第一行中的信息强制“条目”的 NativeObject 绑定到 AD 服务。

If an exception is thrown, then the credentials (or settings) were bad. If no exception, you're authenticated. The exception message will usually indicate what went wrong.

如果抛出异常，则凭据（或设置）是错误的。如果没有例外，则您已通过身份验证。异常消息通常会指出哪里出了问题。

This code is pretty similar to what you already have, but the domain is used where you have "path", and the username is not combined with the domain. Be sure to set your AuthenticationTypes properly, too. This can make or break the ability to authenticate.

此代码与您已有的代码非常相似，但域用于您具有“路径”的位置，并且用户名未与域组合。确保也正确设置您的 AuthenticationTypes。这可以成就或破坏身份验证的能力。