以下代码在我的开发 PC 上运行良好,但在部署到服务器时崩溃:
using System.DirectoryServices.AccountManagement;
using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
{
if (grp == null) return new string[0];
return grp.GetMembers(true).Select(m => m.SamAccountName).ToArray();
}
崩溃如下:
[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +439513
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
System.DirectoryServices.PropertyValueCollection.PopulateList() +22
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +96
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +141
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +1134
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +37
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +124
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) +86
System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) +29
WebApp.WebForm1.Test() in C:\MyProject\trunk\WebApp\WebForm1.aspx.cs:30
设想:
- 已加入域的 Windows Server 2008 x64 上的 IIS7
- ASP.NET 4 内网应用程序
- IIS 中除集成 Windows 身份验证外的所有身份验证模式均已关闭
- 配置为以域用户身份运行的应用程序池
Web.config 如下:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
<identity impersonate="true" >
System.Security.Principal.WindowsIdentity.GetCurrent().Name
在生产中正确返回我的 AD 用户名,所以我认为这意味着模拟工作正常。