UserPrincipal.FindByIdentity 坚持“服务器上没有这样的对象".
- 作者: 每李的炮摸
- 来源: 51数据库
- 2022-10-28
问题描述
我目前的目标是使用 System.DirectoryServices.AccountManagement 程序集中的实用程序为基于域安全组的 ASP.NET 应用程序实现只读角色提供程序.我有以下代码在我的开发域中运行良好,但在部署环境中失败:
使用 myContext 作为新的 PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword)尝试Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName)Dim 组 = p.GetAuthorizationGroups()对于每个 g 组Debug.WriteLine("找到安全组:" & g.DisplayName & vbNewLine)下一个Catch ex 作为例外Debug.WriteLine("遇到异常:" & vbNewLine & ex.ToString())结束尝试结束使用异常堆栈跟踪返回如下:
<前>System.DirectoryServices.AccountManagement.PrincipalOperationException:服务器上没有这样的对象.---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): 服务器上没有这样的对象.在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)在 System.DirectoryServices.DirectoryEntry.Bind()在 System.DirectoryServices.DirectoryEntry.get_SchemaEntry()在 System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)在 System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)在 System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry 条目)在 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()--- 内部异常堆栈跟踪结束 ---在 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()在 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()在 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()在 System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()在 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)在 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)在 System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)我知道这里明显的问题"是确定对象实际上存在于服务器上.但是,我可以毫无疑问地确认,无论我使用哪个帐户的 SAM 帐户名,我都会从通话中收到相同的结果.此外,微软的 ActiveDirectoryMembershipProvider 对相同的 SAM 帐户名进行身份验证没有问题,我能够使用该信息通过 DirectorySearcher 类.我能确定的开发网络和部署之间的唯一区别是部署环境的 DC 是 Windows Server 2003 机器,而我在本地使用 Windows Server 2008 DC 进行开发.我可能会忽略什么?
由于某种原因,问题出在域控制器的路径上.将路径描述为 DC=box123,DC=dom 不起作用,但使用路径 box123.dom 起作用.不知道为什么,这不是我可以在本地域上复制的行为,但这解决了问题.
经过进一步调查,构造 DC=box123,DC=dom 当缩减为 DC=dom 时也能正常运行.我不了解寻址的动态,但我能够通过使用 DirectorySearcher 对象显示示例用户的路径来确定问题,该对象显示我的用户的路径为:LDAP://box123.dom/CN=username/CN=Users/DC=dom
I am currently aiming to implement a read-only role provider for an ASP.NET application based on domain security groups using the utilities in the System.DirectoryServices.AccountManagement assembly. I have the following piece of code which works fine on my development domain, but fails in the deployment environment:
Using myContext As New PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword)
Try
Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName)
Dim groups = p.GetAuthorizationGroups()
For Each g In groups
Debug.WriteLine("Found security group: " & g.DisplayName & vbNewLine)
Next
Catch ex As Exception
Debug.WriteLine("Encountered an exception: " & vbNewLine & ex.ToString())
End Try
End Using
The exception stack trace returns as follows:
System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server.
---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
I know the obvious "gotcha" here is to be certain the object actually, well... exists on the server. However, I can confirm without a doubt that no matter which account's SAM Account Name I use, I receive the same result from the call. Additionally, Microsoft's ActiveDirectoryMembershipProvider has no trouble authenticating against the same SAM Account Name and I am able to find the object using that information with the DirectorySearcher class. The only differences I can identify between the development network and deployment is that the deployment environment's DC is a Windows Server 2003 box, whereas locally I am developing with a Windows Server 2008 DC. What might I be overlooking?
For some reason, the problem lay in the path to the domain controller. Describing the path as DC=box123,DC=dom did not work, but using the path box123.dom did. Can't say why, and it's not a behavior I can duplicate on the local domain, but that resolved the issue.
EDIT:
Upon further investigation, the construction DC=box123,DC=dom when pared down to DC=dom functioned correctly as well. I don't understand the dynamics of the addressing, but I was able to determine the trouble by displaying the path to a sample user using a DirectorySearcher object, which revealed the path to my user to be: LDAP://box123.dom/CN=username/CN=Users/DC=dom
- C#通过fleck实现wss协议的WebSocket多人Web实时聊天(附源码)
- 团队城市未满足要求:MSBuildTools12.0_x86_Path 存在
- 使用 MSBuild.exe 在发布模式下构建 C# 解决方案
- 当我发布 Web 应用程序时,AfterPublish 脚本不运行
- 构建时 T4 转换的产品仅在下一个构建中使用
- ASP.NET Core Application (.NET Framework) for Windows x64 only error in project.assets.json
- 新的 .csproj 格式 - 如何将整个目录指定为“链接文件"到子目录?
- 如何将条件编译符号(DefineConstants)传递给 msbuild
- MSBuild 支持 Visual Studio 2017 RTM 中的 T4 模板
- NuGet 包还原找不到包,没有源
