[英]how to make wcf service hosted in iis access another server active directory
how to make wcf service hosted in iis access another server active directory 如何使iis中托管的wcf服务访问另一个服务器活动目录
there are 2 servers 1- Application server which WCF service hosted on IIS 2- Active directory server all I want to do is make this WCF access active directory to add,edit or remove users 有2台服务器1台WCF服务托管在IIS上的应用服务器2台Active Directory服务器,我要做的就是使该WCF访问Active Directory添加,编辑或删除用户
how to make the WCF service access the AD of another server in the same network I'm working on intranet portal where user can sign in with their Windows credentials "AD" and want to develop an administration page to add users to "AD" 如何使WCF服务访问同一网络中另一台服务器的AD,我正在Intranet门户上工作,用户可以使用其Windows凭据“ AD”登录,并希望开发一个管理页面以将用户添加到“ AD”
the wcf services which create users in "AD" don't have permission to do it how could I do that ? 在“ AD”中创建用户的wcf服务无权执行该操作?
public bool AddActiveDirectoryUser(ADUser User)
{
string userLoginName = User.Email.Split("@".ToArray())[0];
// Creating the PrincipalContext
PrincipalContext principalContext = null;
try
{
principalContext = new PrincipalContext(ContextType.Domain, ADServer, ADPath.Substring(ADPath.IndexOf("DC")), ADUser, ADPassword);
}
catch (Exception e)
{
WriteLog(e);
return false;
}
UserPrincipal usr = UserPrincipal.FindByIdentity(principalContext, userLoginName);
if (usr != null)
{
WriteLog(Enum.LogType.Error, userLoginName + " already exists. Please use a different Username.");
return false;
}
// Create the new UserPrincipal object
UserPrincipal userPrincipal = new UserPrincipal(principalContext);
if (!string.IsNullOrEmpty(User.LastName) && User.LastName.Length > 0)
userPrincipal.Surname = User.LastName;
if (!string.IsNullOrEmpty(User.FirstName) && User.FirstName.Length > 0)
userPrincipal.GivenName = User.FirstName;
if (!string.IsNullOrEmpty(User.Email) && User.Email.Length > 0)
userPrincipal.EmailAddress = User.Email;
if (!string.IsNullOrEmpty(userLoginName) && userLoginName.Length > 0)
userPrincipal.SamAccountName = userLoginName;
userPrincipal.SetPassword("123456");
userPrincipal.Enabled = true;
userPrincipal.PasswordNeverExpires = true;
try
{
userPrincipal.Save();
//here it throw an exception access denied !!!!? //这里抛出异常访问被拒绝!!!!?
}
catch (Exception e)
{
WriteLog(e);
return false;
}
return true;
}
Ok, given the information you gave the problem is the following. 好的,鉴于您提供的问题信息如下。 The user you use to create the context doesn't have the enough permissions to perform these tasks.
您用于创建上下文的用户没有足够的权限来执行这些任务。 You need to grant permissions to this user on he OU the users are created in and all problems should go away.
您需要为此用户授予创建该用户的权限,所有问题都应消除。
Check this post for more information on the subject https://serverfault.com/questions/190566/what-permissions-are-needed-for-a-helpdesk-admin-to-create-users-in-ad 检查此帖子以获取有关该主题的更多信息https://serverfault.com/questions/190566/what-permissions-are-needed-for-a-helpdesk-admin-to-create-users-in-ad
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.