
c# – Error: System.DirectoryServices.AccountManagement.UserP

Published: 2020-12-15 18:08:47 | Category: Encyclopedia | Source: compiled from the web
I have the following code to retrieve the AD groups of a given username in my MVC3 web application:
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// username is expected in DOMAIN\user form; the part before the backslash is the domain.
PrincipalContext userDomain = new PrincipalContext(ContextType.Domain, username.Split('\\')[0]);
UserPrincipal user = UserPrincipal.FindByIdentity(userDomain, username);
PrincipalSearchResult<Principal> memberOfGroups = user.GetGroups();
IEnumerator<Principal> memberOfGroupsEnumerator = memberOfGroups.GetEnumerator();
List<string> userADGroups = new List<string>();

try
{
    while (memberOfGroupsEnumerator.MoveNext())
    {
        userADGroups.Add(memberOfGroupsEnumerator.Current.ToString());
    }
}
catch
{
    // When trying to access AD groups of a different domain, issues can arise at the end of the enumerator. These may be ignored.
}

This works fine locally, but when deployed to another machine on the network it fails with the following error:

An operations error occurred.

Stack trace of the error:

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry,String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context,Type principalType,Nullable`1 identityType,String identityValue,DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context,String identityValue)
at MvcSFIWebSite.Models.User..ctor(String username)

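The error message is rather vague, and I can't figure out what is happening, since it works fine locally.

IIS on the machine used for deployment runs under a custom account rather than the AppPool identity. Should this account be granted any permissions to access the AD group directory? Are any other settings explicitly required in IIS for this to work?

Any suggestions would be very helpful. Thanks in advance.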

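Solution

The problem was that identity_impersonate was set to true in web.config, so the user token being passed was a secondary token and therefore could not access Active Directory.

This answer solved my problem.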

(Editor: 李大同)
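
One way to keep the directory bind off the impersonated token, shown as an added example that is not part of the original question or answer: the lookup runs under the application pool identity by wrapping it in HostingEnvironment.Impersonate(). The class and method names are hypothetical, and the example assumes the custom app pool account is allowed to read the domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Web.Hosting;

// Hypothetical helper, not code from the original post.
public static class AdGroupLookup
{
    // username is expected in DOMAIN\user form.
    public static List<string> GetGroupNames(string username)
    {
        string[] parts = username.Split('\\');
        if (parts.Length != 2)
            throw new ArgumentException("Expected DOMAIN\\user", "username");

        var groups = new List<string>();

        // With <identity impersonate="true" /> the request thread carries the
        // browser user's token. HostingEnvironment.Impersonate() switches the
        // thread to the application (app pool) identity until it is disposed,
        // so the LDAP bind below uses the service account's credentials.
        using (HostingEnvironment.Impersonate())
        using (var domain = new PrincipalContext(ContextType.Domain, parts[0]))
        using (var user = UserPrincipal.FindByIdentity(
                   domain, IdentityType.SamAccountName, parts[1]))
        {
            if (user == null)
                return groups; // unknown account: empty list instead of a NullReferenceException

            using (PrincipalSearchResult<Principal> result = user.GetGroups())
            {
                foreach (Principal group in result)
                {
                    groups.Add(group.SamAccountName);
                }
            }
        }
        return groups;
    }
}
```

Because the query runs as the app pool account, that account needs only read access to the directory, and the group list should be used for authorization decisions about the authenticated caller, not about the service account itself.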
