Active Directory in another server


Problem description




Hi,

I need to access Active Directory that resides on Windows 2003 server from an ASPX application that is hosted on another Windows 2003 server.

My code works fine if both the Active Directory and ASPX application are on the same server. But I get a "The server is not operational" error when the servers are different.

The LDAP path I use is LDAP://FullyQualifiedServerName/OU=Users, OU=NPP,DC=example,DC=myserver,DC=in. (This works if both the Active Directory and ASPX application are hosted on the same server).

I have established two-way trust between the two Windows 2003 domains by going to "Active Directory Domains And Trust" and adding the domain to the Trust tab. I used trust type as Realm since "Trust with a Windows domain" did not work. This I did on both the server machines. I have disabled the Guest user account and I have the same user (and same password) in both the servers. I have impersonated this user when I access Active Directory.

This is my code:

// Requires: using System; using System.Web; using System.Security.Principal; using System.DirectoryServices;
HttpContext context = HttpContext.Current;
IServiceProvider iServiceProvider = context as IServiceProvider;
Type httpWorkerRequestType = typeof(HttpWorkerRequest);
HttpWorkerRequest httpWorkerRequest =
    iServiceProvider.GetService(httpWorkerRequestType) as HttpWorkerRequest;
IntPtr ptrUserToken = httpWorkerRequest.GetUserToken();
WindowsIdentity winIdentity = new WindowsIdentity(ptrUserToken);
/* Impersonate the user */
WindowsImpersonationContext impContext = winIdentity.Impersonate();
...
    DirectoryEntry de = new DirectoryEntry(path, admin, apwd, AuthenticationTypes.Secure);

    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = de;

    deSearch.PropertiesToLoad.Add("distinguishedName");
    deSearch.PropertiesToLoad.Add("samAccountName");
    // UserName is concatenated into the LDAP filter unescaped
    deSearch.Filter = "(samAccountName=" + UserName + ")";
    // deSearch.SearchScope = SearchScope.Subtree;
    // The bind to the directory happens on this call
    SearchResult results = deSearch.FindOne();

    if (results != null)
        ds = results.Properties["distinguishedName"][0].ToString();
}
catch (Exception)
{
    throw; // rethrow without resetting the stack trace
}




When I get to FindOne() it throws an exception: "The server is not operational". The stack trace indicates an error at the DirectoryEntry.Bind() method.

Could anyone tell me where I am going wrong? In case there are other ways to get this working, I am open to that too. But the architecture is that Active Directory is on a different server from the IIS web server where the application is hosted.

Thanks in advance,
Deepa

Thanks in advance.

Recommended answer

Have you tried serverless binding?
Instead of:
silentdeepa wrote:


LDAP://FullyQualifiedServerName/OU=Users, OU=NPP,DC=example,DC=myserver,DC=in






Use:
LDAP://domain.com/DC=domain,DC=com,OU=Users,OU=NPP,DC=example,DC=myserver,DC=in

(you may also need to put <identity impersonate="true" /> in the web.config.)
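
A lookup that binds by domain DNS name, as the answer suggests, and surfaces the "server is not operational" case explicitly. This is an added example, not code from the original thread. The class and method names are hypothetical, and the domain name `example.myserver.in` is an assumption derived from the DC components in the question's path. It also escapes the account name before building the filter.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

// Hypothetical helper class; names are not from the original thread.
public static class AdLookup
{
    // HRESULT reported as "The server is not operational" (LDAP server down).
    private const int ServerDown = unchecked((int)0x8007203A);
    // Escape the RFC 4515 special characters so input cannot change the filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
    // domainDns (e.g. "example.myserver.in") and baseDn
    // (e.g. "OU=Users,OU=NPP,DC=example,DC=myserver,DC=in") are assumed values.
    public static string FindDistinguishedName(string domainDns, string baseDn,
        string bindUser, string bindPassword, string samAccountName)
    {
        // Domain DNS name instead of one server's FQDN: any reachable DC can answer.
        string path = "LDAP://" + domainDns + "/" + baseDn;
        string filter = "(samAccountName=" + EscapeFilterValue(samAccountName) + ")";
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(path, bindUser, bindPassword, AuthenticationTypes.Secure))
            using (DirectorySearcher searcher = new DirectorySearcher(root, filter, new string[] { "distinguishedName" }))
            {
                SearchResult result = searcher.FindOne(); // the bind happens here
                return result == null ? null : result.Properties["distinguishedName"][0].ToString();
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode != ServerDown) throw;
            // No DC answered: check DNS resolution and TCP 389 from the web server.
            throw new InvalidOperationException("No domain controller reachable for " + domainDns, ex);
        }
    }
}
```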

