Error with UserPrincipal GetAuthorizationGroups
Updated: 2023-09-27 18:28:35
Error 1: An operations error occurred.
Error 2: While trying to retrieve the authorization groups, an error (110) occurred.
    public static bool CheckGroupMembership(string userID, string groupName, string domain)
    {
        bool isMember = false;
        // Get an error here, so then I use my username/password and it works...
        PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, domain);
        UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);
        PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups(); //<-- Error is here:
        foreach (Principal oResult in oPrincipalSearchResult)
        {
            if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
            {
                isMember = true;
            }
        }
        return isMember;
    }
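This all works when I debug on the same machine; it only fails when I bring up the web page from a remote server.
Here is what I did.
Because I wanted the DLL to stay independent of SharePoint, I added this in the SharePoint call for the methods that need this functionality...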
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // ... method goes here ...
    });
In the DLL file that it calls, I added the following:
    // Requires: using System.Collections.Generic;
    //           using System.DirectoryServices.AccountManagement;

    // Returns true when no group list is supplied, otherwise true only if the
    // user is in at least one of the listed groups.
    private static bool UserHasPermisions(string userAccount, List<string> list)
    {
        bool userHasPermisions = true;
        if (list != null && list.Count > 0)
        {
            userHasPermisions = false;
            foreach (string item in list)
            {
                if (CheckGroupMembership(userAccount, item, "domain.local goes here..."))
                {
                    userHasPermisions = true;
                }
            }
        }
        return userHasPermisions;
    }

    public static bool CheckGroupMembership(string userID, string groupName, string domain)
    {
        bool isMember = false;
        try
        {
            PrincipalContext ADDomain = GetPrincipalContext();
            UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);
            PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups();
            foreach (Principal oResult in oPrincipalSearchResult)
            {
                if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
                {
                    isMember = true;
                }
            }
        }
        // Any lookup error is swallowed here, so a failed lookup is treated as "not a member".
        catch { }
        return isMember;
    }

    // Binds to the domain with an explicit service account instead of the caller's identity.
    private static PrincipalContext GetPrincipalContext()
    {
        string domain = "your local domain";
        string defaultOU = "DC=domain here,DC=local";
        string serviceUser = @"domain here\read only system account";
        string servicePassword = @"password goes here";
        // SimpleBind is an LDAP simple bind; without ContextOptions.SecureSocketLayer
        // the credentials are not encrypted on the wire.
        PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, domain, defaultOU, ContextOptions.SimpleBind, serviceUser, servicePassword);
        return oPrincipalContext;
    }
I don't like going this route, but to keep the DLL independent, I had to.
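
An added example, not part of the original answer: the same service-account check written so that a directory failure is reported separately from "not a member", the match is made on the group's SID rather than its display name, and the bind uses Negotiate with signing and sealing. The names `AdGroupCheck`, `Membership`, `AD_SVC_USER` and `AD_SVC_PASSWORD` are assumptions, as is the choice to read the credentials from environment variables.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

public static class AdGroupCheck // hypothetical class name
{
    public enum Membership { Member, NotMember, LookupFailed }

    // Assumption: the service account is provisioned in these environment variables, not compiled in.
    private static PrincipalContext OpenContext(string domain, string container)
    {
        string user = Environment.GetEnvironmentVariable("AD_SVC_USER");
        string password = Environment.GetEnvironmentVariable("AD_SVC_PASSWORD");
        // Negotiate (Kerberos/NTLM) with signing and sealing instead of a plain simple bind.
        ContextOptions options = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
        return new PrincipalContext(ContextType.Domain, domain, container, options, user, password);
    }

    public static Membership Check(string userId, string groupName, string domain, string container)
    {
        try
        {
            using (PrincipalContext ctx = OpenContext(domain, container))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userId))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName))
            {
                if (user == null || group == null) return Membership.NotMember;
                using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
                {
                    foreach (Principal p in groups)
                    {
                        if (p.Sid != null && p.Sid.Equals(group.Sid)) return Membership.Member;
                    }
                }
                return Membership.NotMember;
            }
        }
        catch (PrincipalException ex) { return Fail(ex); } // server down, unresolvable SID, ambiguous name
        catch (COMException ex) { return Fail(ex); }       // e.g. "An operations error occurred."
    }

    private static Membership Fail(Exception ex)
    {
        // Record the failure so an outage is visible; callers still deny access on LookupFailed.
        Console.Error.WriteLine("AD group lookup failed: " + ex.GetType().Name + ": " + ex.Message);
        return Membership.LookupFailed;
    }
}
```

Callers should grant access only on `Membership.Member`; `LookupFailed` is a deny that also needs operator attention.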