在生产时出现Directory.Services错误
以下代码在本地计算机上的Visual Studio Development环境中正常工作。然而,当我将文件移动到Windows 2008 R2的IIS 7.5的机器,我得到以下错误:在生产时出现Directory.Services错误
[DirectoryServicesCOMException (0x80072020): An operations error occurred. ] _Default.GetFullName(String strLoginName, String& STR_FIRST_NAME, String& STR_LAST_NAME, String& STR_DISPLAY_NAME, String& STR_MAIL, String& STR_OFFICE_PHONE, String& STR_ADDRESS) in c:\AuthTest\Default.aspx.cs:87 _Default.Page_Load(Object sender, EventArgs e) in c:\AuthTest\Default.aspx.cs:23
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25 System.Web.UI.Control.LoadRecursive() +71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064
我有IIS中启用Windows身份验证,所以我不知道如果我失去了别的东西。我的本地机器和Web服务器都在同一个域中。
这里是我的代码:
using System;
using System.DirectoryServices;
using System.Web.Hosting;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Gets the extracted User Name using a method.
string strUserID = ExtractUserName(User.Identity.Name.ToString());
string STR_FIRST_NAME;
string STR_LAST_NAME;
string STR_DISPLAY_NAME;
string STR_MAIL;
string STR_OFFICE_PHONE;
string STR_ADDRESS;
GetFullName(strUserID, out STR_FIRST_NAME, out STR_LAST_NAME, out STR_DISPLAY_NAME,
out STR_MAIL, out STR_OFFICE_PHONE, out STR_ADDRESS);
lblHello.Text = "Your User ID is: " + strUserID;
TextBox1.Text =
"Your name is: " + STR_FIRST_NAME + " " + STR_LAST_NAME + Environment.NewLine +
"Display Name: " + STR_DISPLAY_NAME + Environment.NewLine +
"Email address: " + STR_MAIL + Environment.NewLine +
"Office Phone: " + STR_OFFICE_PHONE + Environment.NewLine +
"Address: " + STR_ADDRESS;
}
//Retrives User Name from DomainName\\UserName
private static string ExtractUserName(string path)
{
string[] userPath = path.Split(new char[] { '\\' });
return userPath[userPath.Length - 1];
}
public static string GetFullName(string strLoginName,
out string STR_FIRST_NAME,
out string STR_LAST_NAME,
out string STR_DISPLAY_NAME,
out string STR_MAIL,
out string STR_OFFICE_PHONE,
out string STR_ADDRESS)
{
string userName = ExtractUserName(strLoginName);
SearchResult result = null;
using (HostingEnvironment.Impersonate())
{
DirectorySearcher search = new DirectorySearcher();
search.Filter = String.Format("(SAMAccountName={0})", userName);
search.PropertiesToLoad.Add("cn");
STR_FIRST_NAME = "";
STR_LAST_NAME = "";
STR_DISPLAY_NAME = "";
STR_MAIL = "";
STR_OFFICE_PHONE = "";
STR_ADDRESS = "";
try
{
result = search.FindOne();
foreach (System.Collections.DictionaryEntry direntry in result.Properties)
{
STR_FIRST_NAME = result.GetDirectoryEntry().Properties["givenName"].Value.ToString();
STR_LAST_NAME = result.GetDirectoryEntry().Properties["SN"].Value.ToString();
STR_DISPLAY_NAME = result.GetDirectoryEntry().Properties["DisplayName"].Value.ToString();
STR_MAIL = result.GetDirectoryEntry().Properties["mail"].Value.ToString();
STR_OFFICE_PHONE = result.GetDirectoryEntry().Properties["telephoneNumber"].Value.ToString();
STR_ADDRESS = result.GetDirectoryEntry().Properties["streetAddress"].Value.ToString();
}
return null;
}
catch (Exception ex)
{
throw ex;
}
}
}
}
再次一切正常我的本地计算机上的测试VS环境。我可能在IIS中缺少某种配置?
在此先感谢。
首先要检查IIS应用程序池标识是否具有对AD的正确权限。
而且这里一个侧面说明东西是关于你赶上{抛出前}阅读
哇谢谢。将ApplicationPoolIdentity切换到NetworkService的确有窍门。在研究你所建议的内容时,我发现在以前版本的IIS中提到的一些信息,所有的AppPools作为网络服务运行,但是给每个AppPools自己的身份提供增强。现在是否使用网络服务身份验证不良习惯? – kmc5117
很高兴帮助。从根本上分离应用程序池标识是当今最好的做法,以减少每个IIS应用程序被占用的空间,以便有人能够访问帐户。 –