UserPrincipal.GetAuthorizationGroups() method throws an error

Posted on 2024-09-12 15:26:29

I am having an issue using the GetAuthorizationGroups method of the UserPrincipal class in a web application.

Using the following code, I am receiving "While trying to retrieve the authorization groups, an error (5) occurred"

PrincipalContext context = new PrincipalContext(ContextType.Domain, null, "DC=MyCompany,DC=COM", "username", "password");
UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "joe.blogs");
var groups = p.GetAuthorizationGroups();

I believe this code works to an extent.

  • When I view the context object, I can see the server and username/password have been resolved correctly in the object
  • When I view the p object, I can see AD details have been populated like phone no etc.

Here is the stack trace from the error.

[PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.]
   System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) +317279
   System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) +441
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() +78
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups() +11

By removing the username and password details from the PrincipalContext constructor and changing the application pool (in IIS7) to run as the same user ([email protected]) - the following code works.

PrincipalContext context = new PrincipalContext(ContextType.Domain, null, "DC=MyCompany,DC=COM");
UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "joe.blogs");
var groups = p.GetAuthorizationGroups();

I need to get the code in the first example to work - I do not want to run the application pool as a domain user just to get this code working.

半﹌身腐败 2024-09-19 15:26:29

I dealt with this same problem. See discussion on similar question. https://stackoverflow.com/a/8347817/2012977

Solution is below:

public List<GroupPrincipal> GetGroups(string userName)
{
    var result = new List<GroupPrincipal>();
    PrincipalContext ctx = GetContext(); /*function to get domain context*/
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);
    if (user != null)
    {
        PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

        var iterGroup = groups.GetEnumerator();
        using (iterGroup)
        {
            while (iterGroup.MoveNext())
            {
                try
                {
                    Principal p = iterGroup.Current;
                    result.Add((GroupPrincipal) p);
                }
                catch (PrincipalOperationException)
                {
                    continue;
                }
            }
        }
    }

    return result;
}

℡寂寞咖啡 2024-09-19 15:26:29

Error 5 indicates ERROR_ACCESS_DENIED, which suggests a permissions-related issue. That said, the following code has just worked for me, running on Windows 7 with the website running as the default application pool:

Content of "body" of .aspx page:

<asp:GridView ID="GridView1" runat="server">
</asp:GridView>

Code-behind:

protected void Page_Load(object sender, EventArgs e)
{
    var Context = new PrincipalContext(ContextType.Domain, "logon_domain", "username", "password");
    var principal = UserPrincipal.FindByIdentity(Context, "user_to_query");
    var groups = principal.GetAuthorizationGroups();

    GridView1.DataSource = groups;
    GridView1.DataBind();
}

In my example logon_domain was the left-hand side of domain_name\username, rather than the style of domain specification you'd used. My solution may or may not work for you. If it doesn't, it does point to a permissions issue somewhere.

锦欢 2024-09-19 15:26:29

Have your administrator look at the AD account for the user that returns the error code 5. I ran into that today and it turned out to be a setting on that user's account. There is a checkbox to inherit security settings that was not checked (all the other users were checked). This solved it for me.
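
An added example, not code from any poster in this thread: instead of skipping groups that throw, it fails the whole lookup and reports the error code together with the state of the ACL inheritance checkbox mentioned in the last answer. The class and method names are hypothetical, and it assumes that checkbox corresponds to `AreAccessRulesProtected` on the user object's security descriptor (true when inheritance is switched off).

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class GroupLookup // hypothetical helper, not from the thread
{
    // Returns every authorization group or throws; never a partial list,
    // because a silently shortened list can change an access decision.
    public static List<string> GetGroupsOrExplain(PrincipalContext ctx, string sam)
    {
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            if (user == null)
                throw new InvalidOperationException("User not found: " + sam);
            try
            {
                var names = new List<string>();
                using (var groups = user.GetAuthorizationGroups())
                    foreach (Principal g in groups)
                        names.Add(g.SamAccountName ?? g.Name);
                return names;
            }
            catch (PrincipalOperationException ex)
            {
                // ErrorCode 5 is ERROR_ACCESS_DENIED (see the second answer).
                throw new UnauthorizedAccessException(
                    "Group lookup for " + sam + " failed, error " + ex.ErrorCode +
                    "; ACL inheritance on the user object: " + InheritanceState(user), ex);
            }
        }
    }

    // Reports the inheritance checkbox from the third answer. Reading the ACL
    // can itself be denied for the binding account, so that case is reported too.
    static string InheritanceState(UserPrincipal user)
    {
        try
        {
            var entry = (DirectoryEntry)user.GetUnderlyingObject();
            return entry.ObjectSecurity.AreAccessRulesProtected ? "disabled" : "enabled";
        }
        catch (Exception e) { return "unreadable (" + e.GetType().Name + ")"; }
    }

    static void Main()
    {
        // Binds as the process identity; container and account are the question's.
        using (var ctx = new PrincipalContext(ContextType.Domain, null, "DC=MyCompany,DC=COM"))
            Console.WriteLine(string.Join(", ", GetGroupsOrExplain(ctx, "joe.blogs")));
    }
}
```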
