c# – 错误：System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity中发生“ *** 作错误”

概述我有以下代码来检索我的MVC3 Web应用程序中给定用户名的AD组： PrincipalContext userDomain = new PrincipalContext(ContextType.Domain, username.Split('\\')[0]);UserPrincipal user = UserPrincipal.FindByIdentity(userDomain, userna 我有以下代码来检索我的MVC3 Web应用程序中给定用户名的AD组：

PrincipalContext userDomain = new PrincipalContext(ContextType.Domain,username.Split('\')[0]);UserPrincipal user = UserPrincipal.FindByIDentity(userDomain,username);PrincipalSearchResult<Principal> memberOfGroups = user.GetGroups();IEnumerator<Principal> memberOfGroupsEnumerator = memberOfGroups.GetEnumerator();List<string> userADGroups = new List<string>();try{    while (memberOfGroupsEnumerator.MoveNext())    {        userADGroups.Add(memberOfGroupsEnumerator.Current.ToString());    }}catch{    // When trying to access AD groups of a different domain,issues can arise at the end of the enumerator. These may be ignored.}

这在本地工作正常,但当部署到网络上的另一台机器上时出错,出现以下错误：

An operations error occurred.

错误的堆栈跟踪：

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry
entry,String propertyname)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyname)
at System.DirectoryServices.AccountManagement.PrincipalContext.DolDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DodomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_queryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIDentityWithTypeHelper(PrincipalContext
context,Type principalType,Nullable`1 IDentityType,String IDentityValue,DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIDentity(PrincipalContext context,String IDentityValue)
at MvcSFIWebSite.Models.User..ctor(String username)

错误消息是相当模糊的,我无法弄清楚发生了什么,因为它在本地工作正常.

用于部署的计算机上的IIS使用自定义帐户而不是AppPool标识.是否应授予此帐户访问AD组目录的任何权限？ IIS中是否明确要求其他任何设置才能生效？

任何建议都会非常有帮助.提前致谢.

解决方法 问题是因为在web.config中将IDentity_impersonate设置为true,因此传递的用户令牌是辅助令牌,因此无法访问Active Directory.

This answer解决了我的问题.

总结

以上是内存溢出为你收集整理的c# – 错误：System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity中发生“ *** 作错误”全部内容，希望文章能够帮你解决c# – 错误：System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity中发生“ *** 作错误”所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。