0

我有一个表单身份验证:

<authentication mode="Forms">
</authentication>
<authorization>
  <deny users="?" />
</authorization>

我有一个登录页面并检查我所做的凭据:

public static bool ValidateCredentials(string sUserName, string sPassword, string sDomain)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext(sDomain);
    try
    {
        return oPrincipalContext.ValidateCredentials(sUserName, sPassword);
    }
    catch (Exception ex)
    {
        ASTools.LogError(ex.ToString());
        return false;
    }
}

这行得通。然后我想检查成员组。因此我这样做:

public static bool IsGroupMember(string username, string sDomain)
{
    List<string> groupList = new List<string>() {"WebDeveloper", "SyncDeveloper"};
    using (System.Web.Hosting.HostingEnvironment.Impersonate())
    {
        try
        {
            PrincipalContext domain = new PrincipalContext(ContextType.Domain, sDomain);
            UserPrincipal user = UserPrincipal.FindByIdentity(domain, IdentityType.SamAccountName, username);

            foreach (string groupname in groupList)
            {
                var group = GroupPrincipal.FindByIdentity(domain, groupname);
                if (group != null)
                {
                    if (group.GetMembers(true).Any(member => user.SamAccountName.ToLower() == member.SamAccountName.ToLower()))
                    {
                        return true;
                    }
                }
            }
        }
        catch (Exception ex)
        {
            ASTools.LogError(ex.ToString());
        }
    }
    return false;
}

在 localhost 中它可以工作,但是当我发布它时它没有并且发生此错误:

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
at ASActiveDirectory.IsGroupMember(String username, String sDomain) in c:\inetpub\Applicazioni\DeviceManage\App_Code\ASActiveDirectory.cs:line 78

我试图添加

using (System.Web.Hosting.HostingEnvironment.Impersonate())

并且

<identity impersonate="true"/>

NetworkService然后我尝试将我的游泳池的身份更改为LocalSystem但没有任何改变。我不明白为什么在我自己的电脑上一切正常,即使使用ApplicationPoolIdentity..我知道这个问题已经被问过很多次,但我尝试了我发现的每一个建议,但它们对我不起作用..请帮助我!

4

1 回答 1

0

我必须在以下位置添加用户名和密码PrincipalContext

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain, username, password);
于 2015-12-22T11:50:26.213 回答