"The specified domain either does not exist or could not be contacted"

Posted on 2024-08-08 16:27:50

I'm trying to use Integrated Windows Authentication combined with a DirectorySearcher to identify and authenticate the intranet user.

I'd managed to get some fairly simple code that seemed to do the trick, but when I tried on the live server I get the following error:

"The specified domain either does not exist or could not be contacted"

I can't debug the app on the live server so I copied it across to an old development server to test there. When I ran the app normally, it came up with the same error, so I tried debugging in VS... except it worked perfectly.

I suspect it's something to do with impersonation or to do with the LDAP call - obviously when it works for the debugger it's hard to be sure what the real problem is.

But I figured one of you guys will be able to point me in the right direction.

Snippets from my authentication class:

Private Function GetUserID() As String
    Dim sID As String = HttpContext.Current.User.Identity.Name
    Return Mid(sID, InStr(sID, "\") + 1)
End Function

Private Function GetDisplayName() As String
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim sName As String = String.Empty

    With oSearcher
        .Filter = String.Format("(SAMAccountName={0})", _UserID)
        .PropertiesToLoad.Add("displayName")
        oResult = .FindOne()
        If Not oResult Is Nothing Then
            sName = oResult.Properties("displayName")(0).ToString()
        End If
    End With

    Return sName
End Function

Private Function GetEmail() As String
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim sEmail As String = String.Empty

    With oSearcher
        .Filter = String.Format("(SAMAccountName={0})", _UserID)
        .PropertiesToLoad.Add("mail")
        oResult = .FindOne()
        If Not oResult Is Nothing Then
            sEmail = oResult.Properties("mail")(0).ToString()
        End If
    End With

    Return sEmail

End Function

Private Function GetGroups() As StringCollection
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim colGroups As New StringCollection
    Dim i As Int16

    With oSearcher
        .Filter = String.Format("(cn=" & _UserName & ")", _UserID)
        .PropertiesToLoad.Add("memberOf")
        oResult = .FindOne()

        If Not oResult Is Nothing Then
            Dim iGroupCount As Int16 = oResult.Properties("memberOf").Count

            For i = 0 To iGroupCount - 1
                colGroups.Add(oResult.Properties("memberOf")(i).ToString())
            Next

        End If
    End With

    Return colGroups
End Function

Comments (4)

俏︾媚 2024-08-15 16:27:50

I've found it much easier to use the System.DirectoryServices.AccountManagement namespace for this kind of thing, in your case the UserPrincipal class is your friend.

Private Function GetEmail() As String
        Dim pc As PrincipalContext = new PrincipalContext(ContextType.Domain)
        Dim wi As WindowsIdentity = HttpContext.Current.User.Identity
        Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pc, wi.Name)

        Return up.EmailAddress
End Function

倾城泪 2024-08-15 16:27:50

I once had the same problem and I figured out that the cause of error was the way the url was written.

When using AD and ADSI ensure you are using "UPPER CASE" paths. As I can see from your code you are writing "cn" as lower case. [GetGroups function]

Another way I would try is to ensure that you are making a proper use of the "connectionstring" you are using.

LDAP://CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";

becomes

LDAP://orgname.ad.root/CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";

where "orgname" is the name of the server AD is running on.

Hope this helps.

江湖彼岸 2024-08-15 16:27:50

Here is another way of achieving the same functionality:

string fullPath = "LDAP://abc.xyz.com/DC=xyz, DC=com";
AuthenticationTypes authType = AuthenticationTypes.None;
DirectoryEntry verifiedUser = new DirectoryEntry(fullPath, txtUserName.Text.Trim(), txtPassword.Text.Trim(), authType);
verifiedUser.RefreshCache();
isAuthorisedUser = true;

This worked for me.

回眸一笑 2024-08-15 16:27:50

It is likely that this is a permissions issue: when testing locally on your development machine it worked because you accessed AD with your account. On the Live server, you probably run the application under a service account which does not have access to AD.
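
An added example, not code from any of the posters: it reports which account the process actually binds to the directory as (the point raised in the last answer), searches against an explicitly named server, and escapes the account name before it goes into the filter. The module name, function names and the LDAP path are assumptions made for illustration.

```vbnet
Imports System.DirectoryServices
Imports System.Security.Principal
Imports System.Text

Public Module AdLookupExample
    ' Account the LDAP bind runs as. Without impersonation this is the
    ' worker-process identity, not HttpContext.Current.User.
    Public Function ProcessIdentityName() As String
        Using wi As WindowsIdentity = WindowsIdentity.GetCurrent()
            Return wi.Name
        End Using
    End Function

    ' RFC 4515 escaping for a value placed inside an LDAP search filter.
    Public Function EscapeLdapFilterValue(value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ControlChars.NullChar : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' ldapPath names the server explicitly, e.g. the constructed placeholder
    ' "LDAP://dc01.example.test/DC=example,DC=test".
    Public Function FindDisplayName(ldapPath As String, samAccountName As String) As String
        Dim filter As String = String.Format("(&(objectCategory=person)(sAMAccountName={0}))",
                                             EscapeLdapFilterValue(samAccountName))
        Using root As New DirectoryEntry(ldapPath),
              searcher As New DirectorySearcher(root, filter, New String() {"displayName"})
            Dim result As SearchResult = searcher.FindOne()
            ' An account with no displayName has an empty value collection.
            If result IsNot Nothing AndAlso result.Properties("displayName").Count > 0 Then
                Return result.Properties("displayName")(0).ToString()
            End If
        End Using
        Return String.Empty
    End Function
End Module
```

Logging `ProcessIdentityName()` next to `HttpContext.Current.User.Identity.Name` on the failing server shows whether the bind is made as the visitor or as the application pool account.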
