Active Directory获取使用PrincipalSearcher的用户列表会引发错误

时间:2016-02-02 22:01:23

标签: c# c#-4.0 active-directory activedirectorymembership

我需要在asp.net Web应用程序中实现两个功能。

  1. 使用Active Directory进行身份验证
  2. 获取Active Directory用户列表。

    3. 当我将IIS应用程序池设置为网络服务时,上述两者在客户端环境中都能正常工作。当我更改回IIS用户时,只有身份验证工作,但让用户列表停止工作。我不确定为什么会这样。

    这是我的代码:

    1. 身份验证:

      public bool AuthenticateADUser(string domain, string password, string username)
{
    bool isValid = false;

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
    {
        isValid = pc.ValidateCredentials(username, password);
    }

    return isValid;
}

    2. 获取Active Directory用户列表:

      using (var context = new PrincipalContext(ContextType.Domain, domain))
{
    if (groupName != string.Empty)
    {   
        // get list of users for a group
        GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);

        foreach (Principal principal in group.Members)
        {                            
            AdUsers.Add(principal);                            
        }                        
    }
    else   // get all users regardless of group
    {
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            foreach (Principal principal in searcher.FindAll())
            {
                if (principal.UserPrincipalName != null)
                    AdUsers.Add(principal);
            }                            
        }  //end PrincipalSearcher using 
    }  //end else
}  //end PrincipalContext using

      3. 更新: 我不能说代码行是因为我将应用程序部署到客户端服务器,因此无法对其进行调试。但这是错误:

      异常信息:

      Exception type: DirectoryServicesCOMException 
Exception message: Logon failure: unknown user name or bad password.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.PrincipalSearcher.SetDefaultPageSizeForContext()
at System.DirectoryServices.AccountManagement.PrincipalSearcher..ctor(Principal queryFilter)
at WarshawGroup.OneVoice.User.bus_cUser.GetADUsers(String domain, String groupName)
at WarshawGroup.OneVoice.UI.Data.Users.Modify.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

      更新

      它在

      处抛出异常 
       var searcher = new PrincipalSearcher(new UserPrincipal(context));

      Context是PrincipalContext类型...... 

       var context = new PrincipalContext(ContextType.Domain, domain);

      PrincipalContext具有名为“ConnectedServer”的属性。 ConnectedServer的值为null,因此会抛出异常。

      如果我在PrincipalContext中传递用户名和密码以及域名,那么一切正常。示例... 

       var context = new PrincipalContext(ContextType.Domain, domain,"username","pwd");

      似乎我需要冒充有权访问特定域的用户。

      有没有其他方法可以实现这个目标?

      谢谢,

0 个答案:

没有答案
相关问题
最新问题