在尝试检索授权组时,发生了错误(5)

时间:2011-04-28 06:32:21

标签: c# asp.net active-directory

如果我在服务器上运行应用程序,而不是在本地运行应用程序,则会出现此错误。为什么这发生在服务器而不是本地?

List<GroupPrincipal> result = new List<GroupPrincipal>();

// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);

// if found - grab its groups
if (user != null)
{
//here happens the error on server.
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

请帮帮我。

堆栈跟踪:

   [PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.]
   System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) +317263
   System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) +441
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() +78
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups() +11
   IntegrationApp.App_Code.ActiveDir.GetGroups(String userName) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\DAL\ActiveDir.cs:54
   IntegrationApp.App_Code._3_Tier.BAL.DatabaseBAL.BepaalDefaultNiveau2(String melder) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\BAL\DatabaseBAL.cs:75
   IntegrationApp.Detailscherm.VulLijsten() in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:89
   IntegrationApp.Detailscherm.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:30
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

4 个答案:

答案 0 :(得分:10)

我找到了另一种解决方案来访问GROUPS:

PrincipalSearchResult<Principal> groups = user.GetGroups();

答案 1 :(得分:3)

您的进程在服务器上运行的身份是什么?最有可能的是,该用户没有访问Active Directory的正确权限。

您可以测试它是否适用于PrincipalContext的构造函数吗?

PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, "MY.DOMAIN.HERE", "USERNAME", "PASSWORD");

如果可行,您可能希望为您的应用创建专用域用户。

答案 2 :(得分:3)

我发现执行GetAuthorizationGroups需要Windows授权访问组的成员资格。

请参阅以下文章: http://support.microsoft.com/kb/331951

答案 3 :(得分:2)

只是一个猜测,但这听起来像是信任级别的问题。看看这里包含的信息是否有帮助:

您是以管理员身份运行它还是服务器上的限制帐户?

如果是这样,我会尝试在服务器上完全信任它(如果可以的话),看看问题是否消失。