System.DirectoryServices 和IIS - 获取用户名
我不确定这是否超出了系统管理领域,但无论如何我都会问我的问题:)
我正在 MVC3 中开发一个网站。该站点使用约束委派来模拟 Windows 域中的用户并连接到该用户下的 SQL Server。这一切都没有问题。
我想要做的是访问登录用户名的显示名称属性(使用以下代码):
string displayName;
var context = new PrincipalContext(ContextType.Domain, "contoso");
var userPrincipal = UserPrincipal.FindByIdentity(context,
IdentityType.SamAccountName,
userName);
displayName = userPrincipal.DisplayName;
我收到 LDAP 操作错误:
异常详细信息:System.Runtime.InteropServices.COMException:发生操作错误。
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext 上下文,IdentityType 身份类型,字符串身份值)
context
- ,
- 使用远程桌面连接到 ASP.NET 应用程序池运行的用户下的生产计算机后,此操作在控制台应用程序中成功。
- 该操作从具有普通域帐户的随机工作站成功。
- 生产服务器上的网站操作失败。
I'm not sure if this is going too far into sys admin territory, but I will ask my question anyway :)
I'm developing a website in MVC3. The site uses constrained delegation to impersonate a user in the Windows domain and connect to a SQL Server under that user. This all works without problems.
What I'm trying to do is access the Display Name property of the logged on user name (using the following code):
string displayName;
var context = new PrincipalContext(ContextType.Domain, "contoso");
var userPrincipal = UserPrincipal.FindByIdentity(context,
IdentityType.SamAccountName,
userName);
displayName = userPrincipal.DisplayName;
I get an LDAP operations error:
Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred.
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext
context, IdentityType identityType, String identityValue)
The strange thing is that:
- This operation succeeds on the acceptance test server (same configuration, same domain, same application pool user, different machine).
- This operation succeeds in a console application after using Remote Desktop to connect to the production machine under the user that the ASP.NET application pool runs.
- The operation succeeds from a random workstation with a normal domain account.
- The operation fails in the web site on the production server.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我通过将网站的
PhysicalPathCredentials设置为帐户解决了这个问题。但我无法找出问题的原因,但它有效。I solved this by setting the
PhysicalPathCredentialsof the website to the account. But I can't figure out the cause of the problem, but it works.