Get AD Groups with ASP.NET WebAPI C# not working on Windows Server 2016 Datacenter

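I have an ASP.NET Web API application that loads all groups containing a specific name from Active Directory into an internal database.

This works on the dev PC (Windows 10), the test server and the old production server (Windows Server 2012 R2), but on the new production server (Windows 2016) the same method runs into an exception.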

Illegal operation attempted on a registry key that has been marked for deletion.

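The code is here:

using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Bind to the current domain and build a query-by-example search for groups
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
// Load every group, then keep only those whose name contains "_FS"
var adGroups = srch.FindAll().Where(w => w.Name.Contains("_FS", StringComparison.InvariantCultureIgnoreCase));
var permissions = new List<PermissionGroup>();

// find all matches
foreach (var found in adGroups) {
    var permission = new PermissionGroup(found.Name, found.Sid.ToString());
    permissions.Add(permission);
}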

Additional information: Windows Server 2016 Datacenter, Version 10.0.14393, Build 14393

Installed .NET Framework (Server 2016): .NET Framework 4.8; used: .NET Framework 7

Does anyone have an idea what the problem could be? Thanks

Added: 8 January 2020, 16:11 (UTC+1)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Illegal operation attempted on a registry key that has been marked for deletion.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x800703fa): Illegal operation attempted on a registry key that has been marked for deletion. ]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +535
   System.DirectoryServices.DirectoryEntry.Bind() +48
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +43
   System.DirectoryServices.PropertyValueCollection.PopulateList() +27
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +122
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +168
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +194
   System.DirectoryServices.DirectoryEntry.Bind() +48
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +43
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +91
   System.DirectoryServices.DirectorySearcher.FindOne() +46
   FragranceStudio.Webservice.Common.Helper.ActiveDirectoryHelper.SetADInformationToFragranceStudioPrincipal(FragranceStudioPrincipal fragranceStudioPrincipal) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice.Common\Helper\ActiveDirectoryHelper.cs:70
   FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.ReloadInheritedPermissionGroups(FragranceStudioPrincipal principal) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice.Common.Security\ExtendedPermissionProvider.cs:142

[FragranceStudioException: An unknown error has occurred. Please try again or contact the Servicedesk.]
   FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.ReloadInheritedPermissionGroups(FragranceStudioPrincipal principal) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice.Common.Security\ExtendedPermissionProvider.cs:169
   FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.GetInheritedGroups(FragranceStudioPrincipal principal) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice.Common.Security\ExtendedPermissionProvider.cs:62
   FragranceStudio.Webservice.Common.DomainEntities.Security.FragranceStudioPrincipal..ctor(IExtendedPermissionProvider extendedPermissionProvider, WindowsPrincipal principal) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice.Common\DomainEntities\Security\FragranceStudioPrincipal.cs:55
   FragranceStudio.Webservice.WebApiApplication.Application_PostAuthenticateRequest(Object sender, EventArgs e) in C:\Repositories\VS2017\FragranceStudio\FragranceStudio\FragranceStudio.Webservice\Global.asax.cs:51
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +223
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +220
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +94

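I found the problem, but I don't know why it happens. Maximum Worker Processes was set to 2. But why is that a problem for the AD query?

Reading this article tells me that the problem has to do with accessing the user's profile. However, your application pool settings show that you aren't even loading the user profile, which is probably why you're having the problem.

In your application pool settings, enable "Load User Profile".

This answer and the comment on this answer confirm it.

I'm not entirely sure why it throws this exception when that isn't turned on, and why only with 2 worker processes. I'm curious about that too. It may have to do with the registry hive that is given to the process when it is not the user's own registry hive, and which is closed when one worker process shuts down, preventing access from the other process. Just a guess.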
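
The setting change described in the answer above, as an added example that is not part of the original posts: a PowerShell script using the IIS WebAdministration module that lists each application pool's Load User Profile and Maximum Worker Processes values, then enables Load User Profile on one pool. The pool name `MyWebApiPool` is a placeholder assumption; replace it with the pool that hosts the Web API.

```powershell
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Assumption: placeholder name, not taken from the original question.
$poolName = 'MyWebApiPool'

# Audit: show the settings discussed in this thread for every pool.
# A pool with LoadUserProfile = False and MaxProcesses > 1 matches the
# configuration the asker reported as failing.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        LoadUserProfile = $_.processModel.loadUserProfile
        MaxProcesses    = $_.processModel.maxProcesses
        IdentityType    = $_.processModel.identityType
    }
} | Format-Table -AutoSize

$path = "IIS:\AppPools\$poolName"
if (-not (Test-Path $path)) {
    throw "Application pool '$poolName' not found."
}

# Enable Load User Profile only if it is currently off, then recycle the
# pool so new worker processes start with the identity's profile loaded.
$pool = Get-Item $path
if (-not $pool.processModel.loadUserProfile) {
    Set-ItemProperty $path -Name processModel.loadUserProfile -Value $true
    if ($pool.state -eq 'Started') {
        Restart-WebAppPool -Name $poolName
    }
}

# Confirm the resulting configuration.
$pool = Get-Item $path
'{0}: loadUserProfile={1}, maxProcesses={2}' -f $pool.Name,
    $pool.processModel.loadUserProfile, $pool.processModel.maxProcesses
```

Restarting the pool recycles its worker processes, so run this in a maintenance window on a production server.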