与UserPrincipal.GetAuthorizationGroups错误()方法 [英] Error with UserPrincipal.GetAuthorizationGroups() method
问题描述
我现在用的是UserPrincipal类的GetAuthorizationGroups方法,在Web应用程序中有一个问题。
I am having an issue using the GetAuthorizationGroups method of the UserPrincipal class in a web application.
使用下面的code,我收到试图获取授权组,一个错误(5)发生
Using the following code, I am receiving "While trying to retrieve the authorization groups, an error (5) occurred"
PrincipalContext context = new PrincipalContext(ContextType.Domain, null, "DC=MyCompany,DC=COM", "username", "password");
UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "joe.blogs");
var groups = p.GetAuthorizationGroups();
我相信这code工作在一定程度上。
I believe this code works to an extent.
- 当我查看上下文对象,我可以看到服务器和用户名/密码已在对象正确地解析
- 当我查看p对象,我可以看到AD细节都被填充像电话号码等。
下面是错误的堆栈跟踪。
Here is the stack trace from the error.
[PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.]
System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) +317279
System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) +441
System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() +78
System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups() +11
通过从PrincipalContext构造函数删除用户名和密码信息,并改变applicationpool(在IIS7),以相同的用户(username@mycompany.com)运行 - 以下code ++工程
By removing the username and password details from the PrincipalContext constructor and changing the applicationpool (in iis7) to run as the same user (username@mycompany.com) - the following code works.
PrincipalContext context = new PrincipalContext(ContextType.Domain, null, "DC=MyCompany,DC=COM");
UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "joe.blogs");
var groups = p.GetAuthorizationGroups();
我需要得到code。在第一个例子中的工作 - 我不想要运行的应用程序池作为域用户只是为了得到这个code工作
I need to get the code in the first example to work - I do not want run the application pool as a domain user just to get this code working.
推荐答案
我处理了这个相同的问题。查看类似的问题的讨论。 http://stackoverflow.com/a/8347817/2012977
I dealt with this same problem. See discussion on similar question. http://stackoverflow.com/a/8347817/2012977
解决方案是如下:
public List<GroupPrincipal> GetGroups(string userName)
{
var result = new List<GroupPrincipal>();
PrincipalContext ctx = GetContext(); /*function to get domain context*/
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);
if (user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
var iterGroup = groups.GetEnumerator();
using (iterGroup)
{
while (iterGroup.MoveNext())
{
try
{
Principal p = iterGroup.Current;
result.Add((GroupPrincipal) p);
}
catch (PrincipalOperationException)
{
continue;
}
}
}
}
return result;
}
这篇关于与UserPrincipal.GetAuthorizationGroups错误()方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!