6

The following code only works while only Windows Authentication is enabled in IIS for local users on our network.

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
     UserPrincipal up = UserPrincipal.FindByIdentity(ctx, userName);
     return up;
}

Otherwise it throws this exception:

[ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.]
   System.DirectoryServices.ResultsEnumerator.MoveNext() +434305
   System.DirectoryServices.SearchResultCollection.get_InnerList() +282
   System.DirectoryServices.SearchResultCollection.get_Count() +9
   System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory) +1898
   System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate) +85
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +211
   System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
   WebApplication1.Index.GetUserPrincipal(String userName) in C:\Users\xxx\Documents\Visual Studio 2010\Projects\WebApplication1\WebApplication1\Index.aspx.cs:38
   WebApplication1.Index.Page_Load(Object sender, EventArgs e) in C:\Users\xxx\Documents\Visual Studio 2010\Projects\WebApplication1\WebApplication1\Index.aspx.cs:19
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064

Is there any way of getting this to work for getting our local users' UserPrincipal while Windows and Anonymous authentication are both turned on?

4

2 Answers

1

userName must be an empty string (or otherwise consist entirely of whitespace), and apparently it is not by FindByIdentity.

answered 2013-04-09T14:31:21.123
0

Not sure how you got FindByIdentity to work, as I thought you also needed to specify the identity type? I.e.:

UserPrincipal up = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);

Either way, impersonation might work if you force it. So use the following before that code snippet:

// This will impersonate the logged in user in order to get whichever username you require GIVEN the logged in user has AD read/querying rights.

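// Dispose the impersonation context so the thread reverts to its original identity afterwards.
using (System.Security.Principal.WindowsImpersonationContext impersonation =
           System.Web.HttpContext.Current.Request.LogonUserIdentity.Impersonate())
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    UserPrincipal up = UserPrincipal.FindByIdentity(ctx, userName);
    return up;
}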
answered 2013-04-09T14:25:41.647
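
A guard for the failure both answers point at, as an added example that is not part of the original posts: it rejects empty or whitespace-only names before FindByIdentity is called and passes IdentityType.SamAccountName explicitly. The class and method names are hypothetical, and it assumes userName comes from HttpContext.User.Identity.Name in DOMAIN\user form.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Web;

// Added example; DirectoryLookup, FindCurrentUser and ToSamAccountName are hypothetical names.
public static class DirectoryLookup
{
    // Returns null for anonymous requests instead of letting an empty name
    // reach FindByIdentity, which produces the
    // (userPrincipalName=)(distinguishedName=)(name=) filter seen in the exception.
    // The caller owns ctx and keeps it alive while it uses the returned principal.
    public static UserPrincipal FindCurrentUser(HttpContext http, PrincipalContext ctx)
    {
        if (http == null) throw new ArgumentNullException("http");
        if (ctx == null) throw new ArgumentNullException("ctx");

        // With Anonymous authentication enabled, a request that was not
        // authenticated has an empty user name.
        if (!http.Request.IsAuthenticated) return null;

        // Assumption: the name arrives as "DOMAIN\user" from Windows Authentication.
        string sam = ToSamAccountName(http.User.Identity.Name);
        if (sam == null) return null;

        // Pin the identity type so the value is matched against one attribute only.
        return UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam);
    }

    // "DOMAIN\jdoe" -> "jdoe"; null when nothing usable remains.
    public static string ToSamAccountName(string logonName)
    {
        if (string.IsNullOrWhiteSpace(logonName)) return null;

        string name = logonName.Trim();
        int slash = name.LastIndexOf('\\');
        if (slash >= 0) name = name.Substring(slash + 1);

        return name.Length == 0 ? null : name;
    }
}
```

A null result then means either an anonymous request or no matching account, and the page can branch on it instead of failing in Page_Load.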