how to make wcf service hosted in iis access another server active directory

There are 2 servers: 1. an application server on which the WCF service is hosted in IIS; 2. an Active Directory server. All I want to do is make this WCF service access Active Directory to add, edit or remove users.

How do I make the WCF service access the AD of another server in the same network? I'm working on an intranet portal where users can sign in with their Windows credentials ("AD"), and I want to develop an administration page to add users to "AD".

The WCF services which create users in "AD" don't have permission to do it. How could I do that?

    using System;
    using System.DirectoryServices.AccountManagement;

    // ADServer, ADPath, ADUser, ADPassword and WriteLog are members of the
    // hosting class (configuration values and a logging helper) not shown here.
    public bool AddActiveDirectoryUser(ADUser User)
    {
        // The login name is the local part of the e-mail address
        string userLoginName = User.Email.Split('@')[0];

        // Creating the PrincipalContext, bound with the configured AD account
        PrincipalContext principalContext = null;
        try
        {
            principalContext = new PrincipalContext(ContextType.Domain, ADServer, ADPath.Substring(ADPath.IndexOf("DC")), ADUser, ADPassword);
        }
        catch (Exception e)
        {
            WriteLog(e);
            return false;
        }

        using (principalContext)
        {
            // Refuse to create a duplicate account
            UserPrincipal usr = UserPrincipal.FindByIdentity(principalContext, userLoginName);
            if (usr != null)
            {
                WriteLog(Enum.LogType.Error, userLoginName + " already exists. Please use a different Username.");
                return false;
            }

            // Create the new UserPrincipal object
            UserPrincipal userPrincipal = new UserPrincipal(principalContext);

            if (!string.IsNullOrEmpty(User.LastName))
                userPrincipal.Surname = User.LastName;

            if (!string.IsNullOrEmpty(User.FirstName))
                userPrincipal.GivenName = User.FirstName;

            if (!string.IsNullOrEmpty(User.Email))
                userPrincipal.EmailAddress = User.Email;

            if (!string.IsNullOrEmpty(userLoginName))
                userPrincipal.SamAccountName = userLoginName;

            // Placeholder initial password used while developing
            userPrincipal.SetPassword("123456");

            userPrincipal.Enabled = true;
            userPrincipal.PasswordNeverExpires = true;

            try
            {
                userPrincipal.Save();

                // here it throws an exception: access denied !!!!?
            }
            catch (Exception e)
            {
                WriteLog(e);
                return false;
            }
            return true;
        }
    }
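The following is an added example, not code from the question or from any project, of how the same provisioning method can be written so that an "access denied" is reported with enough context to act on: it binds with a dedicated service account directly to the OU that account has been delegated rights on, disposes the directory objects, generates a random initial password instead of a fixed one, forces a change at first logon, and classifies the failures the caller can distinguish. The domain, container and service-account values are assumed placeholders; `AdUserRequest` and `Outcome` are types invented for the example.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Cryptography;

public sealed class AdUserRequest
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string Email { get; set; }
}

public enum Outcome { Created, AlreadyExists, AccessDenied, PasswordPolicy, InvalidInput, Error }

public sealed class AdProvisioner
{
    // Assumed configuration (placeholders): the domain the service talks to, the OU the
    // service account has been delegated rights on, and the dedicated service account.
    private readonly string _domain;      // e.g. "corp.example"
    private readonly string _container;   // e.g. "OU=PortalUsers,DC=corp,DC=example"
    private readonly string _serviceUser; // e.g. "CORP\\svc-portal"
    private readonly string _servicePass;

    public AdProvisioner(string domain, string container, string serviceUser, string servicePass)
    {
        _domain = domain; _container = container; _serviceUser = serviceUser; _servicePass = servicePass;
    }

    // sAMAccountName is limited to 20 characters and must not contain these characters
    private static readonly char[] ForbiddenInLogin = "\"/\\[]:;|=,+*?<>".ToCharArray();

    public Outcome AddUser(AdUserRequest req, out string detail)
    {
        detail = null;
        if (req == null || string.IsNullOrWhiteSpace(req.Email) || !req.Email.Contains("@"))
        {
            detail = "an e-mail address is required";
            return Outcome.InvalidInput;
        }
        string login = req.Email.Split('@')[0];
        if (login.Length == 0 || login.Length > 20 || login.IndexOfAny(ForbiddenInLogin) >= 0)
        {
            detail = "login derived from the e-mail address is not a valid sAMAccountName";
            return Outcome.InvalidInput;
        }

        try
        {
            // Bind as the service account, scoped to the delegated OU rather than the domain root
            using (var ctx = new PrincipalContext(ContextType.Domain, _domain, _container, _serviceUser, _servicePass))
            {
                using (var existing = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, login))
                {
                    if (existing != null) { detail = existing.DistinguishedName; return Outcome.AlreadyExists; }
                }

                using (var user = new UserPrincipal(ctx))
                {
                    user.SamAccountName = login;
                    user.UserPrincipalName = login + "@" + _domain;
                    user.GivenName = string.IsNullOrWhiteSpace(req.FirstName) ? null : req.FirstName.Trim();
                    user.Surname = string.IsNullOrWhiteSpace(req.LastName) ? null : req.LastName.Trim();
                    user.DisplayName = (user.GivenName + " " + user.Surname).Trim();
                    user.EmailAddress = req.Email;

                    // Random initial password; the user must replace it at first logon,
                    // so the password is neither fixed nor exempt from expiry.
                    user.SetPassword(NewRandomPassword());
                    user.ExpirePasswordNow();
                    user.Enabled = true;
                    user.Save();
                    detail = user.DistinguishedName;
                    return Outcome.Created;
                }
            }
        }
        catch (UnauthorizedAccessException ex)
        {
            // This is the case from the question: the bound account lacks rights on the container
            detail = _serviceUser + " was denied access creating '" + login + "' under " + _container + ": " + ex.Message;
            return Outcome.AccessDenied;
        }
        catch (PasswordException ex) { detail = ex.Message; return Outcome.PasswordPolicy; }
        catch (PrincipalOperationException ex) { detail = ex.Message; return Outcome.Error; }
        catch (Exception ex) { detail = ex.GetType().Name + ": " + ex.Message; return Outcome.Error; }
    }

    // 16 characters drawn uniformly from a mixed alphabet, re-drawn until it contains
    // an upper-case letter, a lower-case letter and a digit (typical domain policy).
    private static string NewRandomPassword(int length = 16)
    {
        const string alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#$%&*+-=?@_";
        var result = new char[length];
        var buf = new byte[1];
        using (var rng = RandomNumberGenerator.Create())
        {
            do
            {
                for (int i = 0; i < length; i++)
                {
                    // rejection sampling keeps the draw uniform over the alphabet
                    do { rng.GetBytes(buf); } while (buf[0] >= 256 - (256 % alphabet.Length));
                    result[i] = alphabet[buf[0] % alphabet.Length];
                }
            } while (!(result.Any(char.IsUpper) && result.Any(char.IsLower) && result.Any(char.IsDigit)));
        }
        return new string(result);
    }
}
```

The `Outcome.AccessDenied` branch records which account was bound and which container it tried to write to, which is exactly the pair an administrator needs when checking the OU delegation; the `PasswordPolicy` branch separates a rejected initial password from a rights problem, since both surface from `Save()`.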

OK, given the information you gave, the problem is the following: the user you use to create the context doesn't have enough permissions to perform these tasks. You need to grant permissions to this user on the OU the users are created in, and all problems should go away.

Check this post for more information on the subject https://serverfault.com/questions/190566/what-permissions-are-needed-for-a-helpdesk-admin-to-create-users-in-ad
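As an added example (not part of the answer, and not from any project), this is one way to apply the delegation the answer describes in code rather than through the Delegation of Control wizard: the service account is granted, on one OU only, the right to create and delete `user` objects, to read and write the properties of `user` objects beneath it, and the Reset Password extended right on them, which is what `SetPassword` uses. The OU path and account name are placeholders; the two GUIDs are the well-known `schemaIDGUID` of the `user` class and the `rightsGuid` of Reset Password, and are assumed to match your forest's schema, so verify them there before relying on this. The exact rights needed are covered by the linked ServerFault post.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

public static class OuDelegation
{
    // Assumed well-known GUIDs from the default AD schema (verify in your forest):
    // schemaIDGUID of the "user" class and rightsGuid of the "Reset Password" control access right.
    private static readonly Guid UserClass = new Guid("bf967aba-0de6-11d0-a285-00aa003049e2");
    private static readonly Guid ResetPasswordRight = new Guid("00299570-246d-11d0-a768-00aa006e0529");

    // ouPath e.g. "LDAP://OU=PortalUsers,DC=corp,DC=example", accountName e.g. "CORP\\svc-portal".
    // Must be run by an identity that is allowed to modify the OU's security descriptor.
    public static void GrantUserProvisioning(string ouPath, string accountName)
    {
        var sid = (SecurityIdentifier)new NTAccount(accountName).Translate(typeof(SecurityIdentifier));

        using (var ou = new DirectoryEntry(ouPath))
        {
            ActiveDirectorySecurity sec = ou.ObjectSecurity;

            // 1. Create and delete "user" objects in this OU and any child OUs
            sec.AddAccessRule(new ActiveDirectoryAccessRule(sid,
                ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild,
                AccessControlType.Allow, UserClass, ActiveDirectorySecurityInheritance.All));

            // 2. Read and write the attributes of "user" objects below this OU (edit scenarios)
            sec.AddAccessRule(new ActiveDirectoryAccessRule(sid,
                ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty,
                AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, UserClass));

            // 3. Reset Password extended right on "user" objects below this OU
            sec.AddAccessRule(new ActiveDirectoryAccessRule(sid,
                ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow,
                ResetPasswordRight, ActiveDirectorySecurityInheritance.Descendents, UserClass));

            ou.CommitChanges();
        }
    }

    // Check: count the explicit (non-inherited) Allow ACEs on the OU that name this account.
    // Expect 3 right after GrantUserProvisioning; 0 means the delegation was never applied.
    public static int CountExplicitAllowRules(string ouPath, string accountName)
    {
        var sid = (SecurityIdentifier)new NTAccount(accountName).Translate(typeof(SecurityIdentifier));
        int count = 0;
        using (var ou = new DirectoryEntry(ouPath))
        {
            foreach (ActiveDirectoryAccessRule rule in
                     ou.ObjectSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                if (rule.AccessControlType == AccessControlType.Allow && rule.IdentityReference.Equals(sid))
                    count++;
            }
        }
        return count;
    }
}
```

Scoping the ACEs to one OU and to the `user` object class keeps the service account from being able to touch computers, groups or anything outside that OU, which is the least-privilege alternative to making it a member of Account Operators or Domain Admins.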
