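My setup is an MVC website that users connect to, and the website connects to a REST Web API service behind the scenes. Both the website and the web service require authentication. They first authenticate using the user's Windows authentication, and this identity is then passed to an ADLDS directory claims provider, which I have to query to see what the user has permission to do.
Currently, connecting to the MVC website hosted on IIS works fine: the Windows credentials are authenticated, the permissions are then authorised, and the website behaves well. But when the website calls the REST service, the REST service checks the identity and gets the identity of the application pool rather than the credentials of the user calling the MVC website. That is, the double-hop problem.
This is with impersonate = false in the MVC website's web.config. I tried running the MVC website locally on my box through Visual Studio, connecting to the remotely hosted REST service, with impersonate = true set in the local MVC web.config, and that works. That is, the REST web service then gets the correct credentials rather than the application pool identity.
However, if I set impersonate = true in the web.config of the MVC website hosted on IIS on the remote server, the website does not load at all. So what works in Visual Studio does not work when deployed through IIS. The exception I get is: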
01-12-2015 09:52:47,105 [][1] INFO Centrica.CE.SE.PortalX.MvcApplication - **********************APPLICATION STARTED*****************************
01-12-2015 09:53:10,160 [UK\kerslaj1][5] ERROR Centrica.CE.SE.PortalX.MvcApplication - System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Microsoft.Practices.Unity.ResolutionFailedException: Resolution of the dependency failed, type = "Centrica.CE.SE.PortalX.Security.IClaimsProvider", name = "(none)".
Exception occurred while: Calling constructor Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider().
Exception is: TypeInitializationException - The type initializer for 'Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider' threw an exception.
-----------------------------------------------
At the time of the exception, the container was:
Resolving Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider,(none) (mapped from Centrica.CE.SE.PortalX.Security.IClaimsProvider, (none))
Calling constructor Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider()
---> System.TypeInitializationException: The type initializer for 'Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider' threw an exception. ---> System.DirectoryServices.AccountManagement.PrincipalOperationException: An operations error occurred.
---> System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectoryEntry.get_Options()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoApplicationDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.PrincipalSearcher.SetDefaultPageSizeForContext()
at Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider.SetApplicationClaims()
at Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider.Initialise()
--- End of inner exception stack trace ---
at Centrica.CE.SE.PortalX.Security.ADLDSClaimsProvider..ctor()
at lambda_method(Closure , IBuilderContext )
at Microsoft.Practices.ObjectBuilder2.DynamicBuildPlanGenerationContext.<>c__DisplayClass1.<GetBuildMethod>b__0(IBuilderContext context)
at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)
at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
--- End of inner exception stack trace ---
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, String name, IEnumerable`1 resolverOverrides)
at Microsoft.Practices.Unity.UnityContainerExtensions.Resolve[T](IUnityContainer container, ResolverOverride[] overrides)
at Centrica.CE.SE.PortalX.Security.AuthenticationManager.Authenticate(String resourceName, ClaimsPrincipal incomingPrincipal)
at Centrica.CE.SE.PortalX.MvcApplication.Application_PostAuthenticateRequest()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at System.Web.Util.ArglessEventHandlerProxy.Callback(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Any suggestions as to why this works on my local machine but not when hosted on IIS?