C# Active Directory PrincipalContext / UserPrincipal.IsMemberOf error
So I have a question I'm honestly not quite sure how to ask. Essentially I have a bit of code that works fantastically on my local machine when I run it. Once I publish it to our development web server, it fails. I'm not sure if it's an IIS setup issue, web.config issue or a coding issue.
Here's the snippet of code
    bool isMember = false;
    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);
    UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
    if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
    {
        isMember = true;
    }
    return isMember;
Where I pass in a user name and a group and it tells me if that user’s a member in that group. No problem. Works great on my machine. I went to publish that code to the webserver and it fails when it hits the line
UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
it throws this error:
[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521217
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
Cosmic.Web.Login.btnSubmit_Click(Object sender, EventArgs e) in C:\cosmic\Cosmic.Web\Login.aspx.cs:79
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691
Any ideas where this could be failing?
My first guess would be: that user account you're running this code under doesn't have the necessary permissions to query Active Directory.
To fix this, basically you need to change your constructor from this:
(establishes a connection to AD with the current, default credentials this code is running under)
to this:
and provide a username and password for a user account that you know has sufficient privileges to query Active Directory.
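The change this answer describes, as an added example (not the answerer's code): it binds with an explicit query account through the `PrincipalContext` overload that takes a domain name, options and credentials, and returns false when the user or group is not found. The environment variable names `AD_DOMAIN`, `AD_QUERY_USER` and `AD_QUERY_PASSWORD` are assumptions; the point is that the credentials come from deployment configuration, not from source code.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AdGroupCheck
{
    // Reads a required setting; the variable names used below are hypothetical.
    private static string Require(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrEmpty(value))
            throw new InvalidOperationException("Missing setting: " + name);
        return value;
    }

    public static bool IsMemberOf(string userID, string groupName)
    {
        string domain = Require("AD_DOMAIN");
        string queryUser = Require("AD_QUERY_USER");         // read-only directory account
        string queryPassword = Require("AD_QUERY_PASSWORD");

        // Bind as the query account instead of the identity the web request
        // happens to run under. Signing and Sealing protect the LDAP traffic.
        ContextOptions options = ContextOptions.Negotiate
                               | ContextOptions.Signing
                               | ContextOptions.Sealing;

        using (var ctx = new PrincipalContext(ContextType.Domain, domain, null,
                                              options, queryUser, queryPassword))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userID))
        using (GroupPrincipal group =
                   GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName.Trim()))
        {
            // FindByIdentity returns null for an unknown name. Treat that as
            // "not a member" so the caller denies access.
            if (user == null || group == null)
                return false;

            return user.IsMemberOf(group);
        }
    }
}
```

The query account only needs to read users and groups, so it should not hold any administrative rights in the domain.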
If you've got several seconds to spare waiting for your data from a large AD, then go ahead and use PrincipalContext but if you want your response in milliseconds, use DirectoryEntry, DirectorySearcher and .PropertiesToLoad.
Here's an example
https://stackoverflow.com/a/65986796/5248400
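A sketch of the `DirectorySearcher` approach this answer recommends, as an added example (not the code behind the link): it loads only the `memberOf` attribute and escapes the user-supplied account name before it goes into the LDAP filter. The `ldapPath` parameter (for instance `LDAP://DC=example,DC=com`) and the class and method names are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class FastGroupLookup
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515),
    // so characters such as '*' or ')' in the input cannot alter the filter.
    private static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the distinguished names of the groups listed in the user's
    // memberOf attribute (direct memberships; the primary group is not listed there).
    public static string[] GetDirectGroupDns(string ldapPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("memberOf"); // fetch this one attribute only

            SearchResult result = searcher.FindOne();
            if (result == null)
                return new string[0];                  // unknown user: no groups

            ResultPropertyValueCollection values = result.Properties["memberOf"];
            var dns = new string[values.Count];
            for (int i = 0; i < values.Count; i++)
                dns[i] = (string)values[i];
            return dns;
        }
    }
}
```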