在远程机器上使用 UserPrinciple 时出错
Error when using UserPrinciple on a remote machine
所以我有一个托管域,目前 运行 我在 IIS 7 上的应用程序,应用程序池设置:
- 身份:网络服务
- 托管管道模式:集成
- .NET版本:v4.0
- 名称:.NET v4.5
IIS 身份验证设置:
- 匿名:已禁用
- 模拟:已启用
- 表格:已禁用
- Windows:已启用
还有一个不同版本的应用程序可以正常使用这些设置。所以在我当前的应用程序中,我有这段代码来获取和存储用户 SID:
public static SecurityIdentifier GenerateUserSID()
{
return (UserPrincipal.Current.Sid);
}
public virtual ActionResult AddComment (string comment, int taskId, DateTime selectedDate)
{
var msg = string.Empty;
try
{
Comment newComment = new Comment();
var sid = ApplicationUtils.GenerateUserSID();
newComment.CommentText = comment;
newComment.Analyst = sid.ToString();
newComment.TaskHistoryId = taskId;
newComment.SelectedDateTimestamp = selectedDate;
newComment.AddedTimestamp = DateTime.Now;
_db.Comments.Add(newComment);
_db.SaveChanges();
}
catch (Exception e)
{
msg = "Error: " + e;
return Json(msg, JsonRequestBehavior.AllowGet);
}
return Json(comment, JsonRequestBehavior.AllowGet);
}
我收到以下错误:
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() at Governance.Controllers.DashboardController.AddComment(String comment, Int32 taskId, DateTime selectedDate)
只有在远程机器上访问应用程序时才会出现这种情况,在本地机器上它工作正常。
有谁知道是什么原因造成的以及如何解决?
所以我设法在不更改 Active Directory 中的任何权限的情况下解决了这个问题。
所以现在我没有链接到 ApplicationUtils,而是:
public virtual string GetSid()
{
using (HostingEnvironment.Impersonate())
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, User.Identity.Name);
var sid = user.Sid;
return sid.ToString();
}
}
所以要获得 SID,我只需要调用 GetSid() 它将 return SID 的字符串版本。
所以我有一个托管域,目前 运行 我在 IIS 7 上的应用程序,应用程序池设置:
- 身份:网络服务
- 托管管道模式:集成
- .NET版本:v4.0
- 名称:.NET v4.5
IIS 身份验证设置:
- 匿名:已禁用
- 模拟:已启用
- 表格:已禁用
- Windows:已启用
还有一个不同版本的应用程序可以正常使用这些设置。所以在我当前的应用程序中,我有这段代码来获取和存储用户 SID:
public static SecurityIdentifier GenerateUserSID()
{
return (UserPrincipal.Current.Sid);
}
public virtual ActionResult AddComment (string comment, int taskId, DateTime selectedDate)
{
var msg = string.Empty;
try
{
Comment newComment = new Comment();
var sid = ApplicationUtils.GenerateUserSID();
newComment.CommentText = comment;
newComment.Analyst = sid.ToString();
newComment.TaskHistoryId = taskId;
newComment.SelectedDateTimestamp = selectedDate;
newComment.AddedTimestamp = DateTime.Now;
_db.Comments.Add(newComment);
_db.SaveChanges();
}
catch (Exception e)
{
msg = "Error: " + e;
return Json(msg, JsonRequestBehavior.AllowGet);
}
return Json(comment, JsonRequestBehavior.AllowGet);
}
我收到以下错误:
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() at Governance.Controllers.DashboardController.AddComment(String comment, Int32 taskId, DateTime selectedDate)
只有在远程机器上访问应用程序时才会出现这种情况,在本地机器上它工作正常。
有谁知道是什么原因造成的以及如何解决?
所以我设法在不更改 Active Directory 中的任何权限的情况下解决了这个问题。
所以现在我没有链接到 ApplicationUtils,而是:
public virtual string GetSid()
{
using (HostingEnvironment.Impersonate())
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, User.Identity.Name);
var sid = user.Sid;
return sid.ToString();
}
}
所以要获得 SID,我只需要调用 GetSid() 它将 return SID 的字符串版本。