Active Directory获取使用PrincipalSearcher的用户列表会引发错误

时间:2016-02-02 22:01:23

标签: c# c#-4.0 active-directory activedirectorymembership

我需要在asp.net Web应用程序中实现两个功能。

  1. 使用Active Directory进行身份验证
  2. 获取Active Directory用户列表。
  3. 当我将IIS应用程序池设置为网络服务时,上述两者在客户端环境中都能正常工作。当我更改回IIS用户时,只有身份验证工作,但让用户列表停止工作。我不确定为什么会这样。

    这是我的代码:

    1. 身份验证:

      public bool AuthenticateADUser(string domain, string password, string username)
      {
          bool isValid = false;
      
          using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
          {
              isValid = pc.ValidateCredentials(username, password);
          }
      
          return isValid;
      }
      
    2. 获取Active Directory用户列表:

      using (var context = new PrincipalContext(ContextType.Domain, domain))
      {
          if (groupName != string.Empty)
          {   
              // get list of users for a group
              GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);
      
              foreach (Principal principal in group.Members)
              {                            
                  AdUsers.Add(principal);                            
              }                        
          }
          else   // get all users regardless of group
          {
              using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
              {
                  foreach (Principal principal in searcher.FindAll())
                  {
                      if (principal.UserPrincipalName != null)
                          AdUsers.Add(principal);
                  }                            
              }  //end PrincipalSearcher using 
          }  //end else
      }  //end PrincipalContext using    
      
    3. 更新: 我不能说代码行是因为我将应用程序部署到客户端服务器,因此无法对其进行调试。但这是错误:

      异常信息:

      Exception type: DirectoryServicesCOMException 
      Exception message: Logon failure: unknown user name or bad password.
      
      at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
      at System.DirectoryServices.DirectoryEntry.Bind()
      at System.DirectoryServices.DirectoryEntry.get_AdsObject()
      at System.DirectoryServices.PropertyValueCollection.PopulateList()
      at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
      at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
      at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
      at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
      at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
      at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
      at System.DirectoryServices.AccountManagement.PrincipalSearcher.SetDefaultPageSizeForContext()
      at System.DirectoryServices.AccountManagement.PrincipalSearcher..ctor(Principal queryFilter)
      at WarshawGroup.OneVoice.User.bus_cUser.GetADUsers(String domain, String groupName)
      at WarshawGroup.OneVoice.UI.Data.Users.Modify.Page_Load(Object sender, EventArgs e)
      at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
      at System.Web.UI.Control.OnLoad(EventArgs e)
      at System.Web.UI.Control.LoadRecursive()
      at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
      

      更新

      它在

      处抛出异常
       var searcher = new PrincipalSearcher(new UserPrincipal(context)); 
      

      Context是PrincipalContext类型......

       var context = new PrincipalContext(ContextType.Domain, domain);
      

      PrincipalContext具有名为“ConnectedServer”的属性。 ConnectedServer的值为null,因此会抛出异常。

      如果我在PrincipalContext中传递用户名和密码以及域名,那么一切正常。示例...

       var context = new PrincipalContext(ContextType.Domain, domain,"username","pwd");
      

      似乎我需要冒充有权访问特定域的用户。

      有没有其他方法可以实现这个目标?

      谢谢,

0 个答案:

没有答案