我有一个表单身份验证:
<authentication mode="Forms">
</authentication>
<authorization>
<deny users="?" />
</authorization>
我有一个登录页面并检查我所做的凭据:
public static bool ValidateCredentials(string sUserName, string sPassword, string sDomain)
{
PrincipalContext oPrincipalContext = GetPrincipalContext(sDomain);
try
{
return oPrincipalContext.ValidateCredentials(sUserName, sPassword);
}
catch (Exception ex)
{
ASTools.LogError(ex.ToString());
return false;
}
}
这行得通。然后我想检查成员组。因此我这样做:
public static bool IsGroupMember(string username, string sDomain)
{
List<string> groupList = new List<string>() {"WebDeveloper", "SyncDeveloper"};
using (System.Web.Hosting.HostingEnvironment.Impersonate())
{
try
{
PrincipalContext domain = new PrincipalContext(ContextType.Domain, sDomain);
UserPrincipal user = UserPrincipal.FindByIdentity(domain, IdentityType.SamAccountName, username);
foreach (string groupname in groupList)
{
var group = GroupPrincipal.FindByIdentity(domain, groupname);
if (group != null)
{
if (group.GetMembers(true).Any(member => user.SamAccountName.ToLower() == member.SamAccountName.ToLower()))
{
return true;
}
}
}
}
catch (Exception ex)
{
ASTools.LogError(ex.ToString());
}
}
return false;
}
在 localhost 中它可以工作,但是当我发布它时它没有并且发生此错误:
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
at ASActiveDirectory.IsGroupMember(String username, String sDomain) in c:\inetpub\Applicazioni\DeviceManage\App_Code\ASActiveDirectory.cs:line 78
我试图添加
using (System.Web.Hosting.HostingEnvironment.Impersonate())
并且
<identity impersonate="true"/>
NetworkService
然后我尝试将我的游泳池的身份更改为LocalSystem
但没有任何改变。我不明白为什么在我自己的电脑上一切正常,即使使用ApplicationPoolIdentity
..我知道这个问题已经被问过很多次,但我尝试了我发现的每一个建议,但它们对我不起作用..请帮助我!