我需要在asp.net Web应用程序中实现两个功能。
当我将IIS应用程序池设置为网络服务时,上述两者在客户端环境中都能正常工作。当我更改回IIS用户时,只有身份验证工作,但让用户列表停止工作。我不确定为什么会这样。
这是我的代码:
身份验证:
public bool AuthenticateADUser(string domain, string password, string username)
{
bool isValid = false;
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
{
isValid = pc.ValidateCredentials(username, password);
}
return isValid;
}
获取Active Directory用户列表:
using (var context = new PrincipalContext(ContextType.Domain, domain))
{
if (groupName != string.Empty)
{
// get list of users for a group
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);
foreach (Principal principal in group.Members)
{
AdUsers.Add(principal);
}
}
else // get all users regardless of group
{
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{
foreach (Principal principal in searcher.FindAll())
{
if (principal.UserPrincipalName != null)
AdUsers.Add(principal);
}
} //end PrincipalSearcher using
} //end else
} //end PrincipalContext using
更新: 我不能说代码行是因为我将应用程序部署到客户端服务器,因此无法对其进行调试。但这是错误:
异常信息:
Exception type: DirectoryServicesCOMException
Exception message: Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.PrincipalSearcher.SetDefaultPageSizeForContext()
at System.DirectoryServices.AccountManagement.PrincipalSearcher..ctor(Principal queryFilter)
at WarshawGroup.OneVoice.User.bus_cUser.GetADUsers(String domain, String groupName)
at WarshawGroup.OneVoice.UI.Data.Users.Modify.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
更新
它在
处抛出异常 var searcher = new PrincipalSearcher(new UserPrincipal(context));
Context是PrincipalContext类型......
var context = new PrincipalContext(ContextType.Domain, domain);
PrincipalContext具有名为“ConnectedServer”的属性。 ConnectedServer的值为null,因此会抛出异常。
如果我在PrincipalContext中传递用户名和密码以及域名,那么一切正常。示例...
var context = new PrincipalContext(ContextType.Domain, domain,"username","pwd");
似乎我需要冒充有权访问特定域的用户。
有没有其他方法可以实现这个目标?
谢谢,