c# - UserPrincipal Getauthorizationgroups 出错

Question

Error1：发生操作错误。

错误 2：尝试检索授权组时，发生错误 (110)。

public static bool CheckGroupMembership(string userID, string groupName, string domain)
{
    bool isMember = false;

    // Get an error here, so then I use my username/password and it works... 
    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, domain); 

    UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);

    PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups(); //<-- Error is here: 

    foreach (Principal oResult in oPrincipalSearchResult)
    {
        if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
        {
            isMember = true;
        }
    }
    return isMember;
}

当我在同一台机器上调试时，这一切都有效，只有当我从远程服务器上拉网页时才会失败。

score 0 · Accepted Answer

这就是我所做的。

因为我希望 DLL 与 SharePoint 保持分离和独立，所以我在 SharePoint 调用中添加了这个，用于需要这个的方法......

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            .... method goes here ....
        });

在它调用的 DLL 文件中，我添加了这个：

    private static bool UserHasPermisions(string userAccount, List<string> list)
    {
        bool userHasPermisions = true; 

        if (list != null && list.Count > 0)
        {
            userHasPermisions = false;

            foreach (string item in list)
            {
                if (CheckGroupMembership(userAccount, item, "domain.local goes here..."))
                {
                    userHasPermisions = true;
                }
            }
        }

        return userHasPermisions;
    }


public static bool CheckGroupMembership(string userID, string groupName, string domain)
    {
        bool isMember = false;

        try
        {
            PrincipalContext ADDomain = GetPrincipalContext();

            UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);

            PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups();

            foreach (Principal oResult in oPrincipalSearchResult)
            {
                if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
                {
                    isMember = true;
                }
            }
        }
        catch { }

        return isMember;
    }

    private static PrincipalContext GetPrincipalContext()
    {
        string domain = "your local domain";
        string defaultOU = "DC=domain here,DC=local";
        string serviceUser = @"domain here\read only system account";
        string servicePassword = @"password goes here";

        PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, domain, defaultOU, ContextOptions.SimpleBind, serviceUser, servicePassword);

        return oPrincipalContext;
    }

我不喜欢走这条路，但为了保持 DLL 的独立性，我不得不这样做。

c# - UserPrincipal Getauthorizationgroups 出错

1 回答 1

Related

Reference