如何允许我的Azure Web应用程序访问Active Directory?

时间:2018-10-09 15:56:18

标签: asp.net azure active-directory

我有一个WebForms应用程序,该应用程序使用Active Directory进行身份验证和授权。它在localhost上正常工作,但是一旦发布到Azure后尝试访问该站点时失败。我确保该应用程序已在Azure Active Directory中注册。如果我不尝试获取当前用户的AD安全组,则该应用程序将启动并正常运行。这是引起问题的网站管理员的Page_Load事件中的代码:

protected void Page_Load(object sender, EventArgs e)
    {
        PrincipalSearchResult<Principal> groups = UserPrincipal.Current.GetAuthorizationGroups();

        IEnumerable<string> groupNames = groups.Select(x => x.Name);

        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            HyperLink newphaud = LIV.FindControl("liaNewPhaud") as HyperLink;
            HtmlGenericControl liadmin = LIV.FindControl("navAdminsDdl") as HtmlGenericControl;

            newphaud.Visible = (groupNames.Contains("SG1") || groupNames.Contains("SG2"));

            liadmin.Visible = groupNames.Contains("SG1");
        }
    }

以下是异常详细信息:

System.Runtime.InteropServices.COMException:访问被拒绝。

这是堆栈跟踪:

[COMException (0x80070005): Access is denied.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +399115
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.RefreshCache() +45
   System.DirectoryServices.AccountManagement.PrincipalContext.DoMachineInit() +211
   System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +128
   System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) +90
   System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) +32
   System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() +191
   phaud.SiteMaster.Page_Load(Object sender, EventArgs e) in C:\Users\user1\source\repos\phaud\phaud\Site.Master.cs:19
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
   System.Web.UI.Control.OnLoad(EventArgs e) +95
   System.Web.UI.Control.LoadRecursive() +59
   System.Web.UI.Control.LoadRecursive() +131
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +678

要允许我的Azure Web应用访问AD,我需要做什么?

1 个答案:

答案 0 :(得分:0)

请注意,Azure AD!= Windows AD。从代码看来,您的应用似乎正在访问本地Windows AD。因此,当您使用Azure时,基本上有两种选择   1)使用Azure AD API进行身份验证并获取用户信息   2)您可以有一个单独的运行Windows AD的Windows VM,然后您的Azure Web App可以访问它。

如果我是你,我会探索第一种选择。希望对您有帮助

相关问题
最新问题