Error with UserPrincipal Getauthorizationgroups

本文关键字：Getauthorizationgroups UserPrincipal with Error | 更新日期: 2023-09-27 18:28:35

错误1:发生操作错误。

错误2：尝试检索授权组时，出现错误（110）发生。

public static bool CheckGroupMembership(string userID, string groupName, string domain)
{
    bool isMember = false;
    // Get an error here, so then I use my username/password and it works... 
    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, domain); 
    UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);
    PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups(); //<-- Error is here: 
    foreach (Principal oResult in oPrincipalSearchResult)
    {
        if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
        {
            isMember = true;
        }
    }
    return isMember;
}

当我在同一台机器上调试时，这一切都有效，只有当我从远程服务器上调出网页时，它才会失败。

以下是我所做的。

因为我希望DLL保持独立于SharePoint，所以我在SharePoint调用中为需要此功能的方法添加了此功能。。。

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            .... method goes here ....
        });

在它调用的DLL文件中，我添加了以下内容：

    private static bool UserHasPermisions(string userAccount, List<string> list)
    {
        bool userHasPermisions = true; 
        if (list != null && list.Count > 0)
        {
            userHasPermisions = false;
            foreach (string item in list)
            {
                if (CheckGroupMembership(userAccount, item, "domain.local goes here..."))
                {
                    userHasPermisions = true;
                }
            }
        }
        return userHasPermisions;
    }

public static bool CheckGroupMembership(string userID, string groupName, string domain)
    {
        bool isMember = false;
        try
        {
            PrincipalContext ADDomain = GetPrincipalContext();
            UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(ADDomain, userID);
            PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups();
            foreach (Principal oResult in oPrincipalSearchResult)
            {
                if (oResult.Name.ToLower().Trim() == groupName.ToLower().Trim())
                {
                    isMember = true;
                }
            }
        }
        catch { }
        return isMember;
    }
    private static PrincipalContext GetPrincipalContext()
    {
        string domain = "your local domain";
        string defaultOU = "DC=domain here,DC=local";
        string serviceUser = @"domain here'read only system account";
        string servicePassword = @"password goes here";
        PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, domain, defaultOU, ContextOptions.SimpleBind, serviceUser, servicePassword);
        return oPrincipalContext;
    }

我不喜欢走这条路，但为了保持DLL的独立性，我不得不这样做。