“指定的域不存在或无法联系”
我正在尝试将集成 Windows 身份验证与 DirectorySearcher 结合使用来识别和验证 Intranet 用户。
我设法获得了一些相当简单的代码,似乎可以解决问题,但是当我在实时服务器上尝试时,出现以下错误:
“指定的域不存在或无法联系”
我无法调试该应用程序位于实时服务器上,因此我将其复制到旧的开发服务器上进行测试。当我正常运行应用程序时,它出现了同样的错误,所以我尝试在 VS 中进行调试......但它工作得很好。
我怀疑这与模拟或 LDAP 调用有关 - 显然,当它适用于调试器时,很难确定真正的问题是什么。
但我想你们中的一个人能够为我指明正确的方向。
我的身份验证类的片段:
Private Function GetUserID() As String
Dim sID As String = HttpContext.Current.User.Identity.Name
Return Mid(sID, InStr(sID, "\") + 1)
End Function
Private Function GetDisplayName() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sName As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("displayName")
oResult = .FindOne()
If Not oResult Is Nothing Then
sName = oResult.Properties("displayName")(0).ToString()
End If
End With
Return sName
End Function
Private Function GetEmail() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sEmail As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("mail")
oResult = .FindOne()
If Not oResult Is Nothing Then
sEmail = oResult.Properties("mail")(0).ToString()
End If
End With
Return sEmail
End Function
Private Function GetGroups() As StringCollection
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim colGroups As New StringCollection
Dim i As Int16
With oSearcher
.Filter = String.Format("(cn=" & _UserName & ")", _UserID)
.PropertiesToLoad.Add("memberOf")
oResult = .FindOne()
If Not oResult Is Nothing Then
Dim iGroupCount As Int16 = oResult.Properties("memberOf").Count
For i = 0 To iGroupCount - 1
colGroups.Add(oResult.Properties("memberOf")(i).ToString())
Next
End If
End With
Return colGroups
End Function
I'm trying to use Integrated Windows Authentication combined with a DirectorySearcher to identify and authenticate the intranet user.
I'd managed to get some fairly simple code that seemed to do the trick, but when I tried on the live server I get the following error:
"The specified domain either does not exist or could not be contacted"
I can't debug the app on the live server so I copied it across to an old development server to test there. When I ran the app normally, it came up with the same error, so the I tried debugging in VS.... except it worked perfectly.
I suspect it's something to do with impersonation or to do with the LDAP call - obviously when it works for the debugger it's hard to be sure what the real problem is.
But I figured one of you guys will be able to point me in the right direction.
Snippets from my authentication class:
Private Function GetUserID() As String
Dim sID As String = HttpContext.Current.User.Identity.Name
Return Mid(sID, InStr(sID, "\") + 1)
End Function
Private Function GetDisplayName() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sName As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("displayName")
oResult = .FindOne()
If Not oResult Is Nothing Then
sName = oResult.Properties("displayName")(0).ToString()
End If
End With
Return sName
End Function
Private Function GetEmail() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sEmail As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("mail")
oResult = .FindOne()
If Not oResult Is Nothing Then
sEmail = oResult.Properties("mail")(0).ToString()
End If
End With
Return sEmail
End Function
Private Function GetGroups() As StringCollection
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim colGroups As New StringCollection
Dim i As Int16
With oSearcher
.Filter = String.Format("(cn=" & _UserName & ")", _UserID)
.PropertiesToLoad.Add("memberOf")
oResult = .FindOne()
If Not oResult Is Nothing Then
Dim iGroupCount As Int16 = oResult.Properties("memberOf").Count
For i = 0 To iGroupCount - 1
colGroups.Add(oResult.Properties("memberOf")(i).ToString())
Next
End If
End With
Return colGroups
End Function
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我发现使用 System.DirectoryServices.AccountManagement 命名空间来处理此类事情要容易得多,在您的情况下,UserPrincipal 类是您的朋友。
I've found it much easier to use the System.DirectoryServices.AccountManagement namespace for this kind of thing, in your case the UserPrincipal class is your friend.
我曾经遇到过同样的问题,我发现错误的原因是url的写法。
使用 AD 和 ADSI 时,请确保使用“大写”路径。正如我从您的代码中看到的,您将“cn”写为小写。 [GetGroups 函数]
我尝试的另一种方法是确保您正确使用正在使用的“连接字符串”。
LDAP://CN=" + 用户名 + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
变成
LDAP://组织名称< /strong>.ad.root/CN=" + 用户名 + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
其中“orgname”是运行 AD 的服务器名称。
希望这有帮助。
I once had the same problem and I figured out that the cause of error was the way the url was written.
When using AD and ADSI ensure you are using "UPPER CASE" paths. As I can see from your code you are writing "cn" as lower case. [GetGroups function]
Another way I would try is to ensure that you are making a proper use of the "connectionstring" you are using.
LDAP://CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
becomes
LDAP://orgname.ad.root/CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
where "orgname" it's the server name where AD is running on.
Hope this helps.
这是实现相同功能的另一种方法:
这对我有用。
Here is another way of achieving the same functionality:
This worked for me.
这很可能是一个权限问题:在您的开发计算机上进行本地测试时,它可以工作,因为您使用您的帐户访问了 AD。在实时服务器上,您可能在无权访问 AD 的服务帐户下运行应用程序。
It is likely that this is a permissions issue: when testing locally on your development machine it worked because you accessed AD with your account. On the Live server, you probably run the application under a service account which does not have access to AD.