我目前目标是实现一个只读的角色提供基于使用的实用程序中的 System.DirectoryServices.AccountManagement 组装域安全组的ASP.NET应用程序。我有下面这段code,工作正常在我的开发领域,但未能在部署环境:
I am currently aiming to implement a read-only role provider for an ASP.NET application based on domain security groups using the utilities in the System.DirectoryServices.AccountManagement assembly. I have the following piece of code which works fine on my development domain, but fails in the deployment environment:
Using myContext As New PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword) Try Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName) Dim groups = p.GetAuthorizationGroups() For Each g In groups Debug.WriteLine("Found security group: " & g.DisplayName & vbNewLine) Next Catch ex As Exception Debug.WriteLine("Encountered an exception: " & vbNewLine & ex.ToString()) End Try End Using
的异常堆栈跟踪收益如下:
The exception stack trace returns as follows:
System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server. ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() --- End of inner exception stack trace --- at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
我知道了明显的疑难杂症这里是要一定的对象实际上,嗯...在服务器上存在。不过,我可以肯定,毫无疑问,无论帐户的SAM帐户名我用它,我收到了同样的结果从调用。此外,微软的 ActiveDirectoryMembershipProvider 毫不费力地对同一SAM帐户名称进行身份验证,我能够找到使用这些信息与的 DirectorySearcher从 类。唯一的区别我可以开发网络和应用之间的标识是部署环境的DC是在Windows Server 2003中,而当地我开发了Windows Server 2008的DC。什么可能我可以俯瞰?
I know the obvious "gotcha" here is to be certain the object actually, well... exists on the server. However, I can confirm without a doubt that no matter which account's SAM Account Name I use, I receive the same result from the call. Additionally, Microsoft's ActiveDirectoryMembershipProvider has no trouble authenticating against the same SAM Account Name and I am able to find the object using that information with the DirectorySearcher class. The only differences I can identify between the development network and deployment is that the deployment environment's DC is a Windows Server 2003 box, whereas locally I am developing with a Windows Server 2008 DC. What might I be overlooking?
推荐答案由于某些原因,问题出在路径域控制器。描述路径 DC = box123,DC = DOM 没有工作,但使用的路径 box123.dom 一样。不能说为什么,这不是一个问题,我可以在本地域中复制,但解决了问题。
For some reason, the problem lay in the path to the domain controller. Describing the path as DC=box123,DC=dom did not work, but using the path box123.dom did. Can't say why, and it's not a behavior I can duplicate on the local domain, but that resolved the issue.
编辑: 经进一步调查,施工 DC = box123,DC = DOM 时相比降低到 DC = DOM 正常运作,以及。我不明白寻址的动态,但我可以用一个DirectorySearcher从对象,它揭示的路径,我的用户是显示的路径样本用户确定的麻烦: LDAP: //box123.dom/CN=username/CN=Users/DC=dom
Upon further investigation, the construction DC=box123,DC=dom when pared down to DC=dom functioned correctly as well. I don't understand the dynamics of the addressing, but I was able to determine the trouble by displaying the path to a sample user using a DirectorySearcher object, which revealed the path to my user to be: LDAP://box123.dom/CN=username/CN=Users/DC=dom
更多推荐
UserPrincipal.FindByIdentity执意"还有就是在服务器上没有这样一个对象&QUOT。
发布评论