C#，ASP.net和远程WMI使我发疯... [英] C#, ASP.net, and Remote WMI, are driving me insane...

问题描述

已经为我们的活动目录域设计了一个基于Web的内部用户管理脚本.除了发出远程WMI调用以完成一些小事情(例如创建文件夹或共享)外，它的工作原理非常好. :(

概述:
- - 网站本身当前在我的开发计算机上运行，​​可以使用VS ASP.NET开发服务器，也可以使用Vista下的IIS7.
- - 表示开发机器已加入一个域，我们将其称为DOMAINA，这不是*我正在尝试对其进行更改的域生产此脚本可能需要托管在一个域中的计算机上，但要更改另一个域).开发机.此VM是DEVDOMAIN.TEST域的唯一域控制器，并且正在运行Windows Server 2008.来回交流任何其他内容都没有问题(主网站也使用System.DirectoryServices命名空间完成了很多工作，并且它们都可以正常工作e.)

为了使调试和更改变得更简单，我构建了一个小的test.aspx文件，该文件不会做所有额外的工作，仅需一次尝试在域上创建一个文件夹控制器...这是目前测试脚本的大部分内容:

Have designed an in-house web based user management script for our active directory domains.  Works wonderfully, except when it comes to issuing remote WMI calls to do little things, like create a folder or share. :(

Overview:
  -  the website itself currently runs on my development machine, either using the VS ASP.NET development server, or IIS7 under Vista.   Makes no difference in the end result.
  -  said development machine is joined to a domain, we'll call it DOMAINA, which is *not* the domain I'm attempting to make changes to (in production this script may need to be hosted on a machine in one domain, but make changes to another)
  -  the domain controller I'm attempting to create the folder on is a virtual machine also running on my development machine.  This VM is the sole domain controller for the DEVDOMAIN.TEST domain, and is running Windows Server 2008. 
  -  Pretty straightforward stuff.... the VM and my machine have no problems communicating back and forth for anything else (the main website also does a bunch of things using the System.DirectoryServices namespace, and they all work fine.)

To make it simpler to debug and make changes, I built a small test.aspx file that doesn't do all the extra stuff, just a single attempt to create a folder on the domain controller... here's the bulk of that test script as it stands right now:

        System.Text.StringBuilder sb = new System.Text.StringBuilder();

        string sAdd = "\\\\192.168.19.129\\ROOT\\CIMV2";

        ManagementScope oMs = new ManagementScope(sAdd);

        oMs.Options.Username = "DEVDOMAIN\\devadmin";

        oMs.Options.Password = "DevAdminPassword";
        oMs.Options.EnablePrivileges = true;
        oMs.Options.Authentication = AuthenticationLevel.PacketPrivacy;
        oMs.Options.Impersonation = ImpersonationLevel.Impersonate;

        oMs.Connect();
            ObjectGetOptions objectGetOptions = new ObjectGetOptions();
            ManagementPath managementPath = new ManagementPath("Win32_Process");
            ManagementClass processClass = new ManagementClass(oMs, managementPath, objectGetOptions);
            ManagementBaseObject inParams = processClass.GetMethodParameters("Create");

            inParams["CommandLine"] = @"cmd.exe /c md " + sLocation;
            ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null);

            outParams.Dispose();
            inParams.Dispose();

当前，当我运行测试时，它在oMs.Connect()处爆炸，并带有 发生了特定于安全软件包的错误. (来自HRESULT的异常:0x80070721) 错误.

我可以在msdn中找到用于更改Options.Authentication和Options.Impersonation的组合，甚至尝试同时使用"ntlmdomain:"和和"kerberos:" ...无论如何，我都无法使该脚本可靠地工作.

确实是问题所在.如果尝试尝试，但失败了，并且说，请使用权限，模拟或身份验证选项，然后再试一次，它将*有效*，但是如果我重新启动服务器并再试一次，它将再次失败与特定于软件包的错误. :(  我将代码更改几次(每次尝试)，然后砰"一声，它会突然正常工作..直到我再次重新启动服务器.  

我已经进入服务器，特别是给devadmin授予dcomcnfg和wmimgmt.msc的全部权限，我尝试在开发机器上关闭UAC(我注意到有两个我在网上找到的WMI调试工具中的一个会导致弹出UAC提示，因此我认为这可能是一些奇怪的"UAC干扰出站WMI"之类的东西.)

我很沮丧. ; 有什么想法吗?

Currently when I run the test, it blows up at the oMs.Connect(), with a A security package specific error occurred. (Exception from HRESULT: 0x80070721) error.

I have tried every combination I can locate in msdn for changing Options.Authentication and Options.Impersonation, and even tried specifying the Options.Authority, using both "ntlmdomain:" and "kerberos:"... no matter what, I can't make this script work dependably.

Dependably being the problem.  If I try it, and it fails, and I say, play with the authority, impersonation, or authentication options, and try it again, it *will* work, but then if I reboot the server and try again, it fails once more with the package specific error. :(   and I'll change the code a couple of times (trying each time), and "bang", it will suddenly work fine.. until I reboot the server again.   It's maddening. 

I have gone into the server, and specifically given devadmin full rights in both dcomcnfg and wmimgmt.msc,  I've tried turning UAC off on my development machine (I noticed that a couple of WMI debugging tools I found online would cause a UAC prompt to pop up, so I thought maybe it was some strange "UAC interferes with outbound WMI" or something).

I'm stumped.   Any ideas?

推荐答案

听起来像令牌在您的身份验证中没有更新.

Sounds like the token is not being updated in your authentication.

在代码期间进行常规身份验证检查.除此之外-无济于事.

Do regular authentication checks during your code. Apart from that - can't help.

这篇关于C#，ASP.net和远程WMI使我发疯...的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！