DirectorySearcher object data retrieving not working on Azure hosted application
This code used to work for me in order to retrieve the AD information of a user when passing ID by parameter.
    public UsersDTO GetUserFromActiveDirectoryByID(string userID)
    {
        DirectorySearcher ds = new DirectorySearcher();
        // Match person/user objects whose name equals userID.
        ds.Filter = "(&(objectClass=user)(objectcategory=person)(name=" + userID + "))";
        SearchResultCollection results = ds.FindAll();
        // Take the first match.
        SearchResult userProperty = results[0];
        UsersDTO user = new UsersDTO();
        // Copy name and e-mail only when a mail attribute is present.
        if (userProperty.Properties["mail"].Count > 0)
        {
            user.fullName = userProperty.Properties["displayname"][0].ToString();
            user.email = userProperty.Properties["mail"][0].ToString();
        }
        return user;
    }
It worked while the application service was hosted on another server, but now that it has been migrated to Azure, the FindAll command (FindOne was also tested) returns "There was an error retrieving the data.","Status":400,"Detail":"Access is denied."
You aren't setting the SearchRoot of your DirectorySearcher. The documentation for SearchRoot says:
If SearchRoot is a null reference (Nothing in Visual Basic), the search root is set to the root of the domain that your server is currently using.
If the other server was joined to the domain that you are trying to search, then that's why it was working. But that is no longer true when you're on Azure.
So you need to specify the SearchRoot to point it at your domain:
    DirectorySearcher ds = new DirectorySearcher();
    ds.SearchRoot = new DirectoryEntry("LDAP://example.com");
This may also introduce the issue of whether you can actually access your domain controllers from Azure. You may need to open firewall rules to allow it, depending on how your environment is set up.
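A hardened variant of the lookup, as an added example that is not part of the original question or answer: it sets SearchRoot as the answer suggests and escapes userID per RFC 4515 so the value is matched literally and cannot change the structure of the filter. Binding with an explicit account is an assumption for a host that is not domain-joined; `AdLookup`, `EscapeLdapFilterValue` and the setting names `AD_BIND_USER` and `AD_BIND_PASSWORD` are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
public class UsersDTO { public string fullName; public string email; } // stand-in for the question's DTO

public static class AdLookup
{
    // Escape the characters RFC 4515 reserves inside a filter value.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static UsersDTO GetUserFromActiveDirectoryByID(string userID)
    {
        if (string.IsNullOrEmpty(userID)) return null;
        // Assumed setting names; the bind account is read from app configuration.
        string bindUser = Environment.GetEnvironmentVariable("AD_BIND_USER");
        string bindPassword = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        using (var root = new DirectoryEntry("LDAP://example.com", bindUser, bindPassword,
                                             AuthenticationTypes.Secure))
        using (var ds = new DirectorySearcher(root))
        {
            ds.Filter = "(&(objectClass=user)(objectcategory=person)(name="
                        + EscapeLdapFilterValue(userID) + "))";
            ds.PropertiesToLoad.Add("displayname");   // fetch only what is used
            ds.PropertiesToLoad.Add("mail");
            SearchResult result = ds.FindOne();
            if (result == null) return null;          // no matching user
            var user = new UsersDTO();
            if (result.Properties.Contains("displayname"))
                user.fullName = result.Properties["displayname"][0].ToString();
            if (result.Properties.Contains("mail"))
                user.email = result.Properties["mail"][0].ToString();
            return user;
        }
    }
}
```

With the escaping in place, a constructed input such as `*` is sent as `\2a` and matches only an object literally named `*`, instead of acting as a wildcard over every user.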