System.DirectoryServices.AccountManagement不工作在服务器上 [英] System.DirectoryServices.AccountManagement not working on the server

问题描述

我使用 System.DirectoryServices.AccountManagement 找到登录用户的广告条目。这是伟大的工作在开发机器上的VS2008 Webdev的服务器。

I am using System.DirectoryServices.AccountManagement to find the logged-in user's AD entry. It is working great in the VS2008 WebDev server on developers machines.

但是，当我们安装了开发服务器上的code（Windows Server 2008中），我们得到一个访问错误。

But when we installed the code on the development server (windows server 2008), we get an access error.

无论是开发人员的机器和开发服务器都是同一个域的成员。

Both the developer's machine and the development server are members of the same domain.

我们有模拟开启，让我们连接到公元使用相同的用户凭据。

We have Impersonation turned on, so we are connecting to AD with the same user credentials.

什么是我们在这里丢失？为什么它的工作的开发人员的机器上，而不是开发服务器？

What are we missing here? Why is it working on the developer's machine, but not the development server?

这是我们正在接受实际的例外是发生操作错误。

The actual exception that we were receiving was "An operations error occurred".

推荐答案

经过一番研究，我发现下面的链接：<一href="http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/c314650a-ff5e-49e6-8f53-9a7cca17e806" rel="nofollow">http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/c314650a-ff5e-49e6-8f53-9a7cca17e806

After some research, I found the following link: http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/c314650a-ff5e-49e6-8f53-9a7cca17e806

在它一个用户介绍了解决问题的方法：

In it one user describes the solution to the problem:

我已经看到了这个错误，它关系到一个事实，即使用NTLM身份验证和模拟设置为true在web.config中时，IIS不能使用身份验证令牌对另一台服务器，因为它是一个次要令牌。

I have seen this error and it is related to the fact that when using NTLM authentication and impersonation set to true in web.config, IIS cannot use the authenticated token against another server since it is a "secondary token".

解决我的问题是总结我的Active Directory code有：

The solution to my issue was to wrap my Active Directory code with:

 using( HostingEnvironment.Impersonate() )
 {
    //Active Directory search goes here.
 }

这使得与应用程序池的标识调用AD，这在我的情况做的伎俩。

This makes the call to AD with the identity of the application pool, and it did the trick in my case.

这篇关于System.DirectoryServices.AccountManagement不工作在服务器上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！