ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted" after changing to Comcast
My company recently changed from a dedicated T-1 to a broadband business Comcast connection. Immediately after, this problem began.
Our development machines are local, but our Active Directory server (used for testing and staging the product before deployments) is a public cloud instance located at Rackspace. The dev machines are NOT connected to the domain.
We use the ActiveDirectoryMembershipProvider, and form based authentication - as well as LDAP queries within the application itself once authentication is complete.
We've been using this configuration for several months - no problems.
After changing to Comcast - everything seems to work correctly, except this. When we try to run the application locally, we get the above error.
Server Error in '/Web.NEPA' Application.
--------------------------------------------------------------------------------
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: The specified domain or server could not be contacted.
Source Error:
Line 4:
Line 5:
Line 7: connectionStringName="LdapService"
Line 8: attributeMapUsername="SAMAccountName"
Source File: C:\dev\EMSolution\branches\3.4.0.0\Web.NEPA\App_Config\Testing\3.4.0.0\NEPAARNG\System.Web.Membership.config Line: 6
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4955
I have made sure this wasn't a firewall issue on the Rackspace side (by completely turning it off and attempting a connection). I have also created a test program to run an LDAP query against our AD instance - which works perfectly.
--- here's some of the items referenced:
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LdapService"
         attributeMapUsername="SAMAccountName"
         connectionUsername="DEV1\emsutil"
         connectionPassword="*****"
         connectionProtection="None"
         requiresQuestionAndAnswer="false"
         minRequiredPasswordLength="4"
         minRequiredNonalphanumericCharacters="0"
         enableSearchMethods="true"/>
  </providers>
</membership>
<connectionStrings>
  <add name="LdapService" connectionString="LDAP://cloud1.dev1/DC=dev1" />
</connectionStrings>
--- Test program that works correctly:
using System;
using System.DirectoryServices;

namespace ldaptest
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            // Bind to the same LDAP path the membership provider uses.
            DirectoryEntry de = new DirectoryEntry();
            de.Path = "LDAP://cloud1.dev1/DC=dev1";
            de.Username = "emsutil@dev1";
            de.Password = "*****";

            // List every user object to prove the bind and search succeed.
            DirectorySearcher srch = new DirectorySearcher(de);
            srch.Filter = "(objectClass=user)";
            using (SearchResultCollection results = srch.FindAll())
            {
                foreach (SearchResult res in results)
                {
                    Console.WriteLine("\t{0}", res.Path);
                }
            }
            Console.ReadKey();
        }
    }
}
Comments (1)
I've seen similar problems before, and I think that Comcast might be the source of your problem.
Comcast has a "feature" called Domain Helper that intercepts requests to invalid domain names and instead serves up a page that suggests alternatives, shows some ads, etc. (Basically, it breaks DNS in order to make a few dollars on advertising.)
Your request is likely getting interference from the Domain Helper service. While it would normally get no response from the internet and fall back to local network to find the server, it will instead get a "valid" response from Domain Helper. Of course, the response is not at all what your code is expecting, thus an exception is thrown.
There are various methods to turn Domain Helper off, but your best bet might be to call them. You can also try looking at http://dns-opt-out.comcast.net/ and http://dns.comcast.net/ for further debugging resources.
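One way to check the theory in the answer above from a development machine, as an added example that is not part of the original question or answer: resolve a name that cannot exist and see whether the resolver still returns an address, then compare that address with what the LDAP host resolves to. The class name, the exit codes and the use of a random label under the reserved `.invalid` TLD as the probe are assumptions of this sketch; `cloud1.dev1` is the host from the `LdapService` connection string.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

internal static class DnsRedirectCheck
{
    // Addresses the configured resolver returns for a name; empty when the
    // lookup fails (the correct outcome for a name that does not exist).
    private static IPAddress[] Resolve(string host)
    {
        try
        {
            return Dns.GetHostAddresses(host);
        }
        catch (SocketException ex)
        {
            Console.WriteLine("{0}: no answer ({1})", host, ex.SocketErrorCode);
            return new IPAddress[0];
        }
    }

    private static int Main(string[] args)
    {
        // Host taken from the LdapService connection string unless overridden.
        string ldapHost = args.Length > 0 ? args[0] : "cloud1.dev1";

        // Random label under the reserved .invalid TLD: it can never exist,
        // so any address returned for it comes from a rewriting resolver.
        string probe = Guid.NewGuid().ToString("N") + ".invalid";
        IPAddress[] bogus = Resolve(probe);
        foreach (IPAddress ip in bogus)
            Console.WriteLine("{0} -> {1} (NXDOMAIN rewritten)", probe, ip);

        bool redirected = false;
        foreach (IPAddress ip in Resolve(ldapHost))
        {
            // Same address as the nonexistent name means the LDAP host is
            // being answered by the redirect service, not the directory server.
            bool match = Array.IndexOf(bogus, ip) >= 0;
            redirected |= match;
            Console.WriteLine("{0} -> {1}{2}", ldapHost, ip, match ? " (redirect address)" : "");
        }

        if (redirected) return 2;           // LDAP host itself is hijacked
        return bogus.Length > 0 ? 1 : 0;    // 1: resolver rewrites NXDOMAIN
    }
}
```

A rewriting resolver may exempt `.invalid` or hand out varying addresses, so also compare the address printed for the LDAP host with the server's known public address before ruling DNS out.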