调用UserPrincipal.FindByIdentity时出现DirectoryServiceCOMExceptio
本文关键字:DirectoryServiceCOMExceptio UserPrincipal FindByIdentity 调用 | 更新日期: 2023-09-27 18:21:11
试图解决基于AD凭据创建用户的错误,我得到了上述异常,但由于访问限制,我的可用信息在某种程度上仅限于日志文件。我知道这是一个权限问题,但我发现的所有建议都没有产生不同的结果。
这个主要项目被设置为使用表单身份验证和匿名身份验证,但我们有一个单独的"员工"项目,使用Windows身份验证来针对AD对内部用户进行身份验证。
根据我发现的建议,我更改了以下内容:
- 在AppPool上将.Net Framework更改为4.x
- 尝试通过IIS接口启用.Net模拟
- 已更改匿名身份验证以使用应用程序池标识
- Identity设置为ApplicationPoolIdentity-更改为网络会导致应用程序池停止
当前服务器配置正在使用同一AD服务器的内部暂存服务器上运行。这是我在日志中得到的堆栈转储:
2014-09-09 15:33:24,365 |28| (Services.Security.UserManagement.UserPrincipal) [ INFO] - About to call FindByIdentity
2014-09-09 15:33:24,365 |28| (Services.Security.UserManagement.UserPrincipal) [ INFO] - Current IIS user is: IIS APPPOOL'DefaultAppPool
2014-09-09 15:33:24,397 |28| (Services.Security.UserManagement.UserPrincipal) [ERROR] - EXCEPTION in Method: Initialize - Exception: System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Services.Security.UserManagement.UserPrincipal.Initialize()
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
导致异常的代码如下:
private void Initialize()
{
if (this.principal == null)
{
if (HttpContext.Current != null)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies[ConstantsEnum.WindowsAuthCookie];
if (cookie != null)
{
string username = this.AesEncryptor.Decrypt(cookie.Value);
this.context = new PrincipalContext(ContextType.Domain, ConstantsEnum.DomainName);
this.principal = System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(this.context, username);
if (this.principal == null)
{
throw new ArgumentNullException(string.Format("The UserPrincipal for {0} was not found.", username));
}
}
}
}
在代码中添加了一些日志记录(这导致了上面的信息行)并准确地找到了发生的事情后,我发现应用程序并没有试图传递登录的用户令牌,而是使用DefaultAppPool标识。我发现这个问题描述了我的情况,当将DefaultAppPoolIdentity从ApplicationPoolIdentity更改为LocalSystem时,我能够按预期使用该项目。