Question

我有表单身份验证：

<authentication mode="Forms">
</authentication>
<authorization>
  <deny users="?" />
</authorization>

我有一个登录页面并检查我的凭据：

public static bool ValidateCredentials(string sUserName, string sPassword, string sDomain)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext(sDomain);
    try
    {
        return oPrincipalContext.ValidateCredentials(sUserName, sPassword);
    }
    catch (Exception ex)
    {
        ASTools.LogError(ex.ToString());
        return false;
    }
}

这是有效的。然后我想查看成员组。所以我这样做：

public static bool IsGroupMember(string username, string sDomain)
{
    List<string> groupList = new List<string>() {"WebDeveloper", "SyncDeveloper"};
    using (System.Web.Hosting.HostingEnvironment.Impersonate())
    {
        try
        {
            PrincipalContext domain = new PrincipalContext(ContextType.Domain, sDomain);
            UserPrincipal user = UserPrincipal.FindByIdentity(domain, IdentityType.SamAccountName, username);

            foreach (string groupname in groupList)
            {
                var group = GroupPrincipal.FindByIdentity(domain, groupname);
                if (group != null)
                {
                    if (group.GetMembers(true).Any(member => user.SamAccountName.ToLower() == member.SamAccountName.ToLower()))
                    {
                        return true;
                    }
                }
            }
        }
        catch (Exception ex)
        {
            ASTools.LogError(ex.ToString());
        }
    }
    return false;
}

在localhost中它可以正常工作，但是当我发布它时不会发生这个错误：

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
at ASActiveDirectory.IsGroupMember(String username, String sDomain) in c:\inetpub\Applicazioni\DeviceManage\App_Code\ASActiveDirectory.cs:line 78

我尝试添加

using (System.Web.Hosting.HostingEnvironment.Impersonate())

以及

<identity impersonate="true"/>

然后我尝试将我的游泳池的身份更改为NetworkService和LocalSystem，但没有任何改变。我不明白为什么在我自己的电脑上，即使使用ApplicationPoolIdentity，一切正常。我知道这个问题已被多次询问，但我尝试了我发现的每一个建议，但他们不为我工作.. 请帮帮我！

Answer 1

我必须在PrincipalContext中添加用户名和密码：

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain, username, password);

表单身份验证 - 发生操作错误FindByIdentity

1 个答案: