Multi-hop impersonation with delegation or Kerberos? Completely lost: delegation, impersonation, Kerberos

2023-09-08 12:12:20 Author: 记忆的痕迹

My issue here is how to deal with security and a proper implementation of impersonation which will work from a client machine and authenticate properly to my IIS server which passes the still valid impersonation ticket along with the LDAP request.

My system is an independent server running on my company intranet which hosts the domain controller, LDAP server, etc., and uses the Kerberos protocol.

System information: IIS 7 using Windows Authentication and Impersonation on Windows 7 64-bit. Network information: IIS 6, LDAP, Kerberos.

Here is my VB.NET method.

Imports System.DirectoryServices
Imports System.Web

Protected FirstName, LastName, EMail As String
Protected Sub Lookup(ByVal UserName As String)
    UserName = Trim(UserName)
    UserName = Replace(UserName, "\", "/")
    UserName = Right(UserName, Len(UserName) - InStr(1, UserName, "/"))

    Using (Hosting.HostingEnvironment.Impersonate()) 'ADDED
        Dim directoryEntry As New DirectoryEntry("LDAP://dl/DC=dl,DC=net")
        'directoryEntry.AuthenticationType = AuthenticationTypes.Delegation 'REMOVED

        Dim ds As New DirectorySearcher(directoryEntry)
        Dim r As SearchResult
        Try
            ds.PropertiesToLoad.Add("givenName")         'First Name
            ds.PropertiesToLoad.Add("sn")                'Last Name
            ds.PropertiesToLoad.Add("mail")              'Email
            ds.PropertiesToLoad.Add("userPrincipalName") 'Fallback when mail is absent

            'Escape the user-supplied value (RFC 4515) before placing it in the filter,
            'so characters such as * ( ) \ cannot change the meaning of the query.
            ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & EscapeLdapFilterValue(UserName) & "))"
            r = ds.FindOne() 'Query LDAP; find record with UserName.
            If r Is Nothing Then Exit Sub 'No matching account; leave the fields empty.

            'Populates all the variables retrieved from LDAP.
            FirstName = If(r.Properties.Contains("givenName"), Trim(CStr(r.Properties("givenName").Item(0))), "")
            LastName = If(r.Properties.Contains("sn"), Trim(CStr(r.Properties("sn").Item(0))), "")
            'Contains() returns a Boolean and is never Nothing, so the original
            'IsNothing() test could never be True; test for the missing attribute directly.
            If Not r.Properties.Contains("mail") Then
                EMail = If(r.Properties.Contains("userPrincipalName"), Trim(CStr(r.Properties("userPrincipalName").Item(0))), "")
            Else
                EMail = Trim(CStr(r.Properties("mail").Item(0)))
            End If
            EMail = EMail.ToLower()
        Catch ex As Exception
            'Error Logging to Database Here
        End Try
    End Using
End Sub

'Escapes the characters that RFC 4515 reserves in LDAP search filter values.
Private Shared Function EscapeLdapFilterValue(ByVal value As String) As String
    Dim sb As New System.Text.StringBuilder(value.Length)
    For Each c As Char In value
        Select Case c
            Case "\"c : sb.Append("\5c")
            Case "*"c : sb.Append("\2a")
            Case "("c : sb.Append("\28")
            Case ")"c : sb.Append("\29")
            Case ControlChars.NullChar : sb.Append("\00")
            Case Else : sb.Append(c)
        End Select
    Next
    Return sb.ToString()
End Function

Please ask any questions necessary to get the information you need to help me. I've been researching this for weeks and it seems that Impersonation has such an insane number of variables that I could easily get lost. I just can't figure out how to implement this in my code... I'm still fairly new to .NET :(

Recommended answer

You shouldn't need to configure an AuthenticationType for this to work. You will however need to ensure that the service account (or computer account if network service) hosting the code above is allowed to delegate to the LDAP service on all of the DCs in your environment.
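The requirement in the answer, that the account hosting the code be allowed to delegate to the LDAP service on every DC, can be audited and configured with the ActiveDirectory PowerShell module. The script below is an added example and is not part of the original question or answer. The account name `svc_iis` and the host name `iisserver.dl.net` are placeholders; the domain `dl.net` is inferred from the `LDAP://dl/DC=dl,DC=net` path in the question. It configures Kerberos-only constrained delegation, which is narrower than the "trust this account for delegation to any service" setting.

```powershell
# Added example (not the original poster's or answerer's code): audit and, where
# needed, configure Kerberos constrained delegation for the IIS application pool
# account, so the second hop (IIS -> LDAP on the DCs) runs as the impersonated user.
# Account, host and domain names are placeholders / inferred from the question.
Import-Module ActiveDirectory

$AppPoolAccount = 'svc_iis'           # placeholder: the IIS application pool identity
$WebHost        = 'iisserver.dl.net'  # placeholder: FQDN browsers use to reach IIS
$Domain         = 'dl.net'            # inferred from LDAP://dl/DC=dl,DC=net

# 1. The account running the site needs an HTTP SPN. Without it the first hop
#    (browser -> IIS) negotiates NTLM, and there is no Kerberos ticket to delegate.
$existingSpns = (Get-ADUser $AppPoolAccount -Properties servicePrincipalName).servicePrincipalName
if ("HTTP/$WebHost" -notin $existingSpns) {
    Set-ADUser $AppPoolAccount -ServicePrincipalNames @{ Add = "HTTP/$WebHost" }
}

# 2. Allow delegation only to the LDAP service of each DC in the domain
#    (msDS-AllowedToDelegateTo), rather than unconstrained delegation.
$ldapSpns = Get-ADDomainController -Filter * -Server $Domain |
    ForEach-Object { "ldap/$($_.HostName)" }

$current = (Get-ADUser $AppPoolAccount -Properties 'msDS-AllowedToDelegateTo').'msDS-AllowedToDelegateTo'
$missing = $ldapSpns | Where-Object { $_ -notin $current }
if ($missing) {
    Set-ADUser $AppPoolAccount -Add @{ 'msDS-AllowedToDelegateTo' = [string[]]$missing }
}

# 3. Show the resulting state. TrustedForDelegation = True would indicate
#    unconstrained delegation; TrustedToAuthForDelegation = True would indicate
#    protocol transition. Neither is needed when the client already authenticates
#    with Kerberos, so both should read False here.
Get-ADUser $AppPoolAccount -Properties servicePrincipalName, 'msDS-AllowedToDelegateTo',
    TrustedForDelegation, TrustedToAuthForDelegation |
    Select-Object SamAccountName, servicePrincipalName, 'msDS-AllowedToDelegateTo',
        TrustedForDelegation, TrustedToAuthForDelegation |
    Format-List
```

If the application pool runs as Network Service, the same attributes live on the IIS server's computer account instead; use `Get-ADComputer` / `Set-ADComputer` with the same `-Properties`, `-ServicePrincipalNames` and `-Add` arguments. After the change, recycle the application pool and have the client sign in again so a fresh ticket is issued; on the client, `klist` should then list a ticket for `HTTP/iisserver.dl.net` whose flags include `forwardable`, which is the ticket IIS needs in order to obtain an LDAP ticket on the user's behalf.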