Error: "An operations error occurred" in System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity

Problem description

I have the following code to retrieve AD groups of a given user name in my MVC3 web application:

PrincipalContext userDomain = new PrincipalContext(ContextType.Domain, username.Split('\\')[0]);
UserPrincipal user = UserPrincipal.FindByIdentity(userDomain, username);
PrincipalSearchResult<Principal> memberOfGroups = user.GetGroups();
IEnumerator<Principal> memberOfGroupsEnumerator = memberOfGroups.GetEnumerator();
List<string> userADGroups = new List<string>();

try
{
    while (memberOfGroupsEnumerator.MoveNext())
    {
        userADGroups.Add(memberOfGroupsEnumerator.Current.ToString());
    }
}
catch
{
    // When trying to access AD groups of a different domain, issues can arise at the end of the enumerator. These may be ignored.

}

This works fine locally but when deployed onto another machine on the network errors out with the following error:

An operations error occurred.

Stack trace of the error:

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at MvcSFIWebSite.Models.User..ctor(String username)

The error message is rather ambiguous and I am unable to figure out what is happening as it works fine locally.

The IIS on the machine used for deployment uses a custom account instead of the AppPool identity. Should this account be granted any permissions to access the AD group directory? Are any other settings explicitly required in IIS for this to work?

Any suggestions would be very helpful. Thanks in advance.

Recommended answer

The issue was because identity_impersonate was set to true in web.config so the user token which was being passed was a secondary token and hence could not access the Active Directory.

This answer solved my problem.
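
One way to keep impersonation enabled for the rest of the site while running only the directory lookup under the application pool account, as an added example that is not code from the original question or answer. It assumes classic ASP.NET (System.Web), that the `identity_impersonate` setting the answer mentions is the `<identity impersonate="true" />` element in web.config, and that the pool account is allowed to read the domain; `AdGroupLookup` and `GetGroupNames` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Web.Hosting;

public static class AdGroupLookup
{
    // Hypothetical helper (not from the original page).
    // Expects "DOMAIN\user", the format used in the question.
    public static List<string> GetGroupNames(string username)
    {
        if (string.IsNullOrWhiteSpace(username))
            throw new ArgumentException("User name is required.", "username");

        // Reject anything that is not exactly DOMAIN\user before it
        // reaches the directory API.
        string[] parts = username.Split('\\');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
            throw new ArgumentException("Expected DOMAIN\\user.", "username");

        var groups = new List<string>();

        // HostingEnvironment.Impersonate() switches the thread to the
        // application (app pool) identity until it is disposed, so the
        // LDAP bind no longer uses the impersonated request token.
        using (HostingEnvironment.Impersonate())
        using (var domain = new PrincipalContext(ContextType.Domain, parts[0]))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   domain, IdentityType.SamAccountName, parts[1]))
        {
            if (user == null)
                return groups; // unknown account: report no groups

            using (PrincipalSearchResult<Principal> result = user.GetGroups())
            {
                foreach (Principal group in result)
                {
                    groups.Add(group.SamAccountName ?? group.Name);
                    group.Dispose();
                }
            }
        }
        // Impersonation of the request user is restored here.
        return groups;
    }
}
```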
