1

我有两个需要在 asp.net Web 应用程序中实现的功能。

  1. 使用 Active Directory 进行身份验证
  2. 获取 Active Directory 用户列表。

当我将 IIS 应用程序池设置为网络服务时,以上两者在客户端环境中都可以正常工作。当我改回 IIS 用户时,只有身份验证有效,但让用户列表停止工作。我不确定为什么会这样。

这是我的代码:

  1. 验证: 

    public bool AuthenticateADUser(string domain, string password, string username)
{
    bool isValid = false;

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
    {
        isValid = pc.ValidateCredentials(username, password);
    }

    return isValid;
}

  2. 获取 Active Directory 用户列表:

    using (var context = new PrincipalContext(ContextType.Domain, domain))
{
    if (groupName != string.Empty)
    {   
        // get list of users for a group
        GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);

        foreach (Principal principal in group.Members)
        {                            
            AdUsers.Add(principal);                            
        }                        
    }
    else   // get all users regardless of group
    {
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            foreach (Principal principal in searcher.FindAll())
            {
                if (principal.UserPrincipalName != null)
                    AdUsers.Add(principal);
            }                            
        }  //end PrincipalSearcher using 
    }  //end else
}  //end PrincipalContext using

更新:我不能说哪行代码,因为我将应用程序部署到客户端服务器,所以无法调试它。但这是错误:

异常信息:

Exception type: DirectoryServicesCOMException 
Exception message: Logon failure: unknown user name or bad password.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.PrincipalSearcher.SetDefaultPageSizeForContext()
at System.DirectoryServices.AccountManagement.PrincipalSearcher..ctor(Principal queryFilter)
at WarshawGroup.OneVoice.User.bus_cUser.GetADUsers(String domain, String groupName)
at WarshawGroup.OneVoice.UI.Data.Users.Modify.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

更新:

它在

 var searcher = new PrincipalSearcher(new UserPrincipal(context));

上下文是 PrincipalContext 类型...

 var context = new PrincipalContext(ContextType.Domain, domain);

PrincipalContext 具有名为“ConnectedServer”的属性。ConnectedServer 的值为 null,因此会引发异常。

如果我在 PrincipalContext 中传递用户名和密码以及域,一切正常。示例...

 var context = new PrincipalContext(ContextType.Domain, domain,"username","pwd");

看来我需要冒充有权访问特定域的用户。

还有其他方法可以实现吗?

谢谢,

4

0 回答 0