IIS 7.5中的Windows身份验证因信任关系异常而失败
[英]Windows Authentication in IIS 7.5 Fails with Trust Relationship Exception
问题描述
I have an ASP.Net 2.0 application that uses integrated Windows Authentication to authenticate/authorize users. 
我有一个ASP.Net 2.0应用程序,它使用集成的Windows身份验证来验证/授权用户。 The application works fine on Windows XP/IIS 5.1, Windows Server 2008/IIS 7, and Windows Vista/IIS 7. When I try to run this application on Windows 7/IIS 7.5, I get the following exception: The trust relationship between this workstation and the primary domain failed. 该应用程序在Windows XP / IIS 5.1,Windows Server 2008 / IIS 7和Windows Vista / IIS 7上运行正常。当我尝试在Windows 7 / IIS 7.5上运行此应用程序时,我得到以下异常: The trust relationship between this workstation and the primary domain failed.
The stack trace is as follows: 堆栈跟踪如下:
[SystemException: The trust relationship between this workstation and the primary domain failed.
]
System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1085
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +46
System.Security.Principal.WindowsPrincipal.IsInRole(String role) +128
System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +229
System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +354
System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +245
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +11153304
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
The web.config file contains the following information related to authentication/authorization: web.config文件包含与身份验证/授权相关的以下信息:
<authentication mode="Windows" />
<authorization>
<!--Deny anonymous users-->
<deny users="?"/>
<allow roles="domain\GroupWithAccess"/>
<deny users="*"/>
</authorization>
Most of the results I found when researching this error state that the problem is related to a broken computer account in the domain and list the solution as re-joining the domain. 我在研究此错误时发现的大多数结果表明问题与域中的计算机帐户损坏有关,并将解决方案列为重新加入域。 I've done this but the error still appears. 我已经这样做但错误仍然出现。 "Normal" domain operations work fine (accessing UNC shares, logging in, etc.). “正常”域操作正常(访问UNC共享,登录等)。
This application runs in the Classic .Net AppPool for compatibility reasons. 出于兼容性原因,此应用程序在Classic .Net AppPool中运行。 I tried changing the identity of the AppPool to "NetworkService" but the error still persists. 我尝试将AppPool的身份更改为“NetworkService”,但错误仍然存在。
Any help is greatly appreciated. 任何帮助是极大的赞赏。
2 个解决方案
解决方案1
5 已采纳 2009-11-25 00:14:31
I finally found an answer to this after experiencing the same problem on Windows Server 2008 R2. 在Windows Server 2008 R2上遇到同样的问题后,我终于找到了答案。 From this article : 从这篇文章 :
Disable the following policies on the Windows 2008 R2 server, run gpupdate /force and restart the server.
"Computer Configuration\\Windows Setting\\Security Settings\\Local Policies\\Security Option"
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally encrypt secure channel data (When possible)
Domain Member: Digitally sign secure channel data (When possible)
I can confirm that this fixed the problem on Windows 7 as well. 我可以确认这也解决了Windows 7上的问题。
解决方案2
1 2010-08-02 14:00:37
I'm adding this for future reference: 我正在添加这个以供将来参考:
"Error 1789 when you use the LookupAccountName function on a computer that is running Windows 7 or Windows Server 2008 R2" “在运行Windows 7或Windows Server 2008 R2的计算机上使用LookupAccountName函数时出现错误1789”
http://support.microsoft.com/kb/976494 http://support.microsoft.com/kb/976494
That might be a solution to the problem as well. 这也可能是解决问题的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.