PrincipalContext userDomain = new PrincipalContext(ContextType.Domain,username.Split('\')[0]);UserPrincipal user = UserPrincipal.FindByIDentity(userDomain,username);PrincipalSearchResult<Principal> memberOfGroups = user.GetGroups();IEnumerator<Principal> memberOfGroupsEnumerator = memberOfGroups.GetEnumerator();List<string> userADGroups = new List<string>();try{ while (memberOfGroupsEnumerator.MoveNext()) { userADGroups.Add(memberOfGroupsEnumerator.Current.ToString()); }}catch{ // When trying to access AD groups of a different domain,issues can arise at the end of the enumerator. These may be ignored.}
这在本地工作正常,但当部署到网络上的另一台机器上时出错,出现以下错误:
An operations error occurred.
错误的堆栈跟踪:
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry
entry,String propertyname)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyname)
at System.DirectoryServices.AccountManagement.PrincipalContext.DolDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DodomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_queryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIDentityWithTypeHelper(PrincipalContext
context,Type principalType,Nullable`1 IDentityType,String IDentityValue,DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIDentity(PrincipalContext context,String IDentityValue)
at MvcSFIWebSite.Models.User..ctor(String username)
错误消息是相当模糊的,我无法弄清楚发生了什么,因为它在本地工作正常.
用于部署的计算机上的IIS使用自定义帐户而不是AppPool标识.是否应授予此帐户访问AD组目录的任何权限? IIS中是否明确要求其他任何设置才能生效?
任何建议都会非常有帮助.提前致谢.
解决方法 问题是因为在web.config中将IDentity_impersonate设置为true,因此传递的用户令牌是辅助令牌,因此无法访问Active Directory.This answer解决了我的问题.
总结以上是内存溢出为你收集整理的c# – 错误:System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity中发生“ *** 作错误”全部内容,希望文章能够帮你解决c# – 错误:System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity中发生“ *** 作错误”所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)