[英]C# Active Directory PrincipalContext / UserPrincipal.IsMemberOf error
So I have a question I'm honestly not quite sure how to ask.所以我有一个问题,老实说,我不太确定该怎么问。 Essentially I have a bit of code that works fantastically on my local machine when I run it.
基本上,当我运行它时,我有一些代码在我的本地机器上运行得非常好。 Once I publish it to our development web server, it fails.
一旦我将它发布到我们的开发 Web 服务器,它就会失败。 I'm not sure if it's an IIS setup issue, web.config issue or a coding issue.
我不确定这是 IIS 设置问题、web.config 问题还是编码问题。
Here's the snippet of code这是代码片段
bool isMember = false;
PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
{
isMember = true;
}
return isMember;
Where I pass in a user name and a group and it tells me if that user's a member in that group.我传入用户名和组的地方,它告诉我该用户是否是该组的成员。 No problem.
没问题。 Works great on my machine.
在我的机器上运行良好。 I went to publish that code to the webserver and it fails when it hits the line
我去将该代码发布到网络服务器,但它在上线时失败了
UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
it throws this error:它抛出这个错误:
[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
[DirectoryServicesCOMException (0x80072020): 发生操作错误。]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind() +44System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29System.DirectoryServices.PropertyValueCollection.PopulateList() +29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521217System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521217
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
Cosmic.Web.Login.btnSubmit_Click(Object sender, EventArgs e) in C:\\cosmic\\Cosmic.Web\\Login.aspx.cs:79Cosmic.Web.Login.btnSubmit_Click(Object sender, EventArgs e) 在 C:\\cosmic\\Cosmic.Web\\Login.aspx.cs:79
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691
Any ideas where this could be failing?这可能会失败的任何想法?
My first guess would be: that user account you're running this code under doesn't have the necessary permissions to query Active Directory.我的第一个猜测是:您在其下运行此代码的用户帐户没有查询 Active Directory 的必要权限。
To fix this, basically you need to change your constructor from this:要解决这个问题,基本上你需要改变你的构造函数:
PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);
(establishes a connection to AD with the current, default credentials this code is running under) (使用此代码运行的当前默认凭据建立与 AD 的连接)
to this:对此:
PrincipalContext ADDomain =
new PrincipalContext(ContextType.Domain, "DOMAIN", useraccount, password);
and provide a username and password for a user account that you know has sufficient privileges to query Active Directory.并为您知道有足够权限查询 Active Directory 的用户帐户提供用户名和密码。
If you've got several seconds to spare waiting for your data form a large AD, then go ahead and use PrincipalContext but if you want your response in milliseconds, use DirectoryEntry, DirectorySearcher and .PropertiesToLoad.如果您有几秒钟的时间等待来自大型 AD 的数据,请继续使用 PrincipalContext,但如果您希望以毫秒为单位进行响应,请使用 DirectoryEntry、DirectorySearcher 和 .PropertiesToLoad。
Here's an example这是一个例子
https://stackoverflow.com/a/65986796/5248400 https://stackoverflow.com/a/65986796/5248400
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.