System.DirectoryServices.AccountManagement.PrincipalContext and Impersonation in a WCF service


Problem description

Working with the PrincipalContext in code that lies behind a WCF service. The WCF service is impersonating, to allow a 'pass-through' type authentication.

While everything else I do with Active Directory (mostly the System.DirectoryServices.Protocols namespace) works fine in this scenario, for some reason the classes in System.DirectoryServices.AccountManagement throw a fit. Sample code that fails:

PrincipalContext context = new PrincipalContext(ContextType.Domain, domainName);
UserPrincipal user = 
    UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, UserName);

When I make the call to FindByIdentity, I get a COMException: "An operations error has occurred". Calls to the PrincipalContext also fail, e.g.:

string server = context.ConnectedServer;

Both OperationContext.Current.ServiceSecurityContext and Thread.CurrentPrincipal.Identity show the impersonation is working correctly. And, like I say, other AD tasks in S.DS.P work fine.

If I explicitly set credentials on the PrincipalContext, everything works. For example:

PrincipalContext context = 
    new PrincipalContext(ContextType.Domain, domainName, user, password);
UserPrincipal user = 
    UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, UserName);

Now everything works. But I won't know the username and password from the caller; I must rely on the impersonation.

Any ideas on what would cause the issue I'm seeing?

Thanks in advance! James

Recommended answer

Make sure an SPN is set for the app pool, delegation is set in AD, and that the app pool account has the act as part of the OS privilege.
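
One way to check the three settings the answer names, as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory module is installed, the app pool runs as a domain user account, and the script runs elevated on the WCF host; `Test-AppPoolDelegation` and `svc-wcfapp` are hypothetical names.

```powershell
# Added example (not from the original answer). Run elevated on the WCF host.
# Assumptions: RSAT ActiveDirectory module is available and the app pool runs
# as a domain user account; 'svc-wcfapp' is a placeholder account name.
Import-Module ActiveDirectory

function Test-AppPoolDelegation {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $acct = Get-ADUser -Identity $SamAccountName -Properties ServicePrincipalNames,
        TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

    # Export only the user-rights section of local policy and read SeTcbPrivilege
    # ("Act as part of the operating system"). Holders appear as *SID or as a name.
    $inf = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
        $line = Select-String -Path $inf -Pattern '^SeTcbPrivilege\s*=' |
            Select-Object -First 1
    } finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
    $holders = @()
    if ($line) {
        $holders = ($line.Line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }

    [pscustomobject]@{
        Account                    = $acct.SamAccountName
        # 1. SPN registered on the app pool account
        ServicePrincipalNames      = @($acct.ServicePrincipalNames)
        HasSpn                     = @($acct.ServicePrincipalNames).Count -gt 0
        # 2. Delegation: unconstrained flag, protocol-transition flag,
        #    and the constrained-delegation target list
        TrustedForDelegation       = $acct.TrustedForDelegation
        TrustedToAuthForDelegation = $acct.TrustedToAuthForDelegation
        AllowedToDelegateTo        = @($acct.'msDS-AllowedToDelegateTo')
        # 3. Direct SeTcbPrivilege assignment only; grants via a group are not resolved
        HasActAsPartOfOs           = ($holders -contains $acct.SID.Value) -or
                                     ($holders -contains $acct.SamAccountName)
    }
}

Test-AppPoolDelegation -SamAccountName 'svc-wcfapp' | Format-List
```

If the app pool runs as a built-in identity instead of a domain user, the SPN and delegation flags live on the computer account, so the lookup would use `Get-ADComputer` rather than `Get-ADUser`.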
