
LDAP Error in IIS7.5 while using Windows Authentication

I'm facing a problem with LDAP, and it's a bit strange. My web server is IIS 7.5 (Windows Server 2008 R2). It's configured to use Windows Authentication. I've pasted my ASP page below.

The web browser is IE8. I have added the website to the Intranet zone and enabled sending the user details for the Intranet zone in the Security tab -> Custom level. Integrated Windows Authentication is enabled in the Advanced tab.

Everything works fine for 20 minutes (the session timeout and the other default timeout settings are 20 minutes). After 20 minutes I get an ASP runtime error which says the method or property memberOf for object objUser is not supported. When I get that error I change the authentication type to Basic Authentication. It prompts for Windows credentials and works fine. After that I revert back to Windows Authentication, and it works for some time.

I'm not sure why, when IIS 7.5 is configured with Basic Authentication enabled and IE8 is configured as above, it still prompts for Windows credentials. Windows Authentication mode doesn't prompt for credentials and works fine, but only for a certain period. Can anyone explain this strange behaviour and how to fix it?

<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit

Dim oADSysInfo
Dim objUser
Dim strGroupData
Dim strUserDN
Dim arrGroups
Dim strGroup
Dim netSys
Dim strUsrDomain

strGroupData = ""

' WScript.Network reports the identity of the thread running this page;
' under Windows Authentication that is the impersonated browser user.
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain

' Err.Number is only meaningful while On Error Resume Next is in effect.
On Error Resume Next
Set oADSysInfo = CreateObject("ADSystemInfo")
If Err.Number <> 0 Then
    Response.Write "ADSystemInfo error: " & Server.HTMLEncode(Err.Description)
    Response.End
End If

' UserName is the distinguished name of the current thread's user.
strUserDN = oADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
If Err.Number <> 0 Then
    Response.Write "LDAP bind error: " & Server.HTMLEncode(Err.Description)
    Response.End
End If

' memberOf is Empty for no groups, a String for exactly one group,
' and an array of DNs otherwise. This is the call that raises the
' "not supported" error described in the question.
arrGroups = objUser.memberOf
If Err.Number <> 0 Then
    Response.Write "memberOf error: " & Server.HTMLEncode(Err.Description)
    Response.End
End If
On Error GoTo 0

If IsEmpty(arrGroups) Then
    ' Member of no groups
ElseIf TypeName(arrGroups) = "String" Then
    strGroupData = arrGroups
Else
    For Each strGroup In arrGroups
        strGroupData = strGroupData & "," & strGroup
    Next
End If

' Encode before writing: group DNs are attacker-influenced directory data.
Response.Write Server.HTMLEncode(strGroupData)
%>

I employed a rather simple solution.

The solution I employed was as follows.

  1. My application is running under a specific user identity (physical path credential and application pool identity set to the DNS account).

  2. I created another page with the above code and ran it under the application pool identity (SPN), thereby creating a primary token between the Active Directory server and the web server.

  3. Using that token I again connected to LDAP to query the user-related info by calling the above code under a virtual directory that has Windows Authentication and runs under the user identity, thereby getting the user details.

If you are using ASP.NET, programmatically impersonate the user and get the user details from LDAP, and on application start create the primary token by connecting to LDAP. The primary key persists until the worker process is killed.
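Before reorganising pages and identities as in the answer above, it helps to see which authentication scheme and which identity a request actually runs under when the LDAP bind is attempted. The classic ASP page below is an added diagnostic example, not code from the question or the answer. It assumes the same IIS 7.5 setup with Windows Authentication on the virtual directory; the helper names `AuthScheme`, `EscapeADsPath` and `GroupDNs` are mine. `AUTH_TYPE` distinguishes `Negotiate` (Kerberos possible) from `NTLM`, which matters because an NTLM impersonation token cannot be forwarded to the domain controller, whereas a Kerberos token can when delegation is configured. `GetEx` is used instead of the `memberOf` property because it always returns an array, so the String/array branching of the original page is not needed.

```vbscript
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit

' Returns "Negotiate" or "NTLM" for Windows Authentication, "Basic" for
' Basic Authentication, or "" for an anonymous request.
Function AuthScheme()
    AuthScheme = Request.ServerVariables("AUTH_TYPE")
End Function

' A distinguished name placed in an ADsPath must have "/" escaped as "\/",
' otherwise ADSI treats it as a path separator and the bind fails.
' (Hypothetical helper for this example.)
Function EscapeADsPath(strDN)
    EscapeADsPath = Replace(strDN, "/", "\/")
End Function

' Reads memberOf with IADs.GetEx, which always returns an array. An absent
' attribute raises E_ADS_PROPERTY_NOT_FOUND (0x8000500D); map it to an
' empty array and re-raise anything else once error trapping is off.
Function GroupDNs(objUser)
    Dim arr, lngErr, strDesc
    On Error Resume Next
    arr = objUser.GetEx("memberOf")
    lngErr = Err.Number
    strDesc = Err.Description
    On Error GoTo 0
    If lngErr = &H8000500D Then
        arr = Array()
    ElseIf lngErr <> 0 Then
        Err.Raise lngErr, "GroupDNs", strDesc
    End If
    GroupDNs = arr
End Function

Dim strScheme, strLogonUser, oADSysInfo, strDN, objUser, arrGroups, strGroup

strScheme = AuthScheme()
strLogonUser = Request.ServerVariables("LOGON_USER")

Response.Write "AUTH_TYPE: " & Server.HTMLEncode(strScheme) & "<br>"
Response.Write "LOGON_USER: " & Server.HTMLEncode(strLogonUser) & "<br>"

If strLogonUser = "" Then
    Response.Write "Request is anonymous; nothing to look up."
    Response.End
End If

' ADSystemInfo.UserName is the DN of the thread token, i.e. the impersonated
' browser user under Windows Authentication. If it names the application
' pool account instead of LOGON_USER, impersonation is not in effect here.
Set oADSysInfo = CreateObject("ADSystemInfo")
strDN = oADSysInfo.UserName
Response.Write "Thread user DN: " & Server.HTMLEncode(strDN) & "<br>"

On Error Resume Next
Set objUser = GetObject("LDAP://" & EscapeADsPath(strDN))
If Err.Number <> 0 Then
    ' Read this together with AUTH_TYPE above: a bind that fails under NTLM
    ' but works under Negotiate points at the token, not at the page code.
    Response.Write "LDAP bind failed (0x" & Hex(Err.Number) & "): " & _
                   Server.HTMLEncode(Err.Description)
    Response.End
End If
On Error GoTo 0

arrGroups = GroupDNs(objUser)
' memberOf lists direct memberships only: the primary group (usually
' Domain Users) and nested groups do not appear.
Response.Write (UBound(arrGroups) + 1) & " direct group(s):<br>"
For Each strGroup In arrGroups
    Response.Write Server.HTMLEncode(strGroup) & "<br>"
Next
%>
```

Run the page once from a browser in the Intranet zone and once after the 20-minute window described in the question; if `AUTH_TYPE` shows `NTLM` at the point the bind starts failing, the failure is a property of the impersonation token rather than of the `memberOf` call itself.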
