UserPrincipal.FindByIdentity 坚持“服务器上没有这样的对象".
时间:2023-01-01问题描述
我目前的目标是使用 System.DirectoryServices.AccountManagement 程序集中的实用程序为基于域安全组的 ASP.NET 应用程序实现只读角色提供程序.我有以下代码在我的开发域中运行良好,但在部署环境中失败:
使用 myContext 作为新的 PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword)尝试Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName)Dim 组 = p.GetAuthorizationGroups()对于每个 g 组Debug.WriteLine("找到安全组:" & g.DisplayName & vbNewLine)下一个Catch ex 作为例外Debug.WriteLine("遇到异常:" & vbNewLine & ex.ToString())结束尝试结束使用异常堆栈跟踪返回如下:
<前>System.DirectoryServices.AccountManagement.PrincipalOperationException:服务器上没有这样的对象.---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): 服务器上没有这样的对象.在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)在 System.DirectoryServices.DirectoryEntry.Bind()在 System.DirectoryServices.DirectoryEntry.get_SchemaEntry()在 System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)在 System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)在 System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry 条目)在 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()--- 内部异常堆栈跟踪结束 ---在 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()在 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()在 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()在 System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()在 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)在 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)在 System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)我知道这里明显的问题"是确定对象实际上存在于服务器上.但是,我可以毫无疑问地确认,无论我使用哪个帐户的 SAM 帐户名,我都会从通话中收到相同的结果.此外,微软的 ActiveDirectoryMembershipProvider 对相同的 SAM 帐户名进行身份验证没有问题,我能够使用该信息通过 DirectorySearcher 类.我能确定的开发网络和部署之间的唯一区别是部署环境的 DC 是 Windows Server 2003 机器,而我在本地使用 Windows Server 2008 DC 进行开发.我可能会忽略什么?
由于某种原因,问题出在域控制器的路径上.将路径描述为 DC=box123,DC=dom 不起作用,但使用路径 box123.dom 起作用.不知道为什么,这不是我可以在本地域上复制的行为,但这解决了问题.
经过进一步调查,构造 DC=box123,DC=dom 当缩减为 DC=dom 时也能正常运行.我不了解寻址的动态,但我能够通过使用 DirectorySearcher 对象显示示例用户的路径来确定问题,该对象显示我的用户的路径为:LDAP://box123.dom/CN=username/CN=Users/DC=dom
I am currently aiming to implement a read-only role provider for an ASP.NET application based on domain security groups using the utilities in the System.DirectoryServices.AccountManagement assembly. I have the following piece of code which works fine on my development domain, but fails in the deployment environment:
Using myContext As New PrincipalContext(ContextType.Domain, Nothing, "DC=My,DC=Controller", accountName, accountPassword)
Try
Dim p As UserPrincipal = UserPrincipal.FindByIdentity(myContext, IdentityType.SamAccountName, userName)
Dim groups = p.GetAuthorizationGroups()
For Each g In groups
Debug.WriteLine("Found security group: " & g.DisplayName & vbNewLine)
Next
Catch ex As Exception
Debug.WriteLine("Encountered an exception: " & vbNewLine & ex.ToString())
End Try
End Using
The exception stack trace returns as follows:
System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server.
---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
I know the obvious "gotcha" here is to be certain the object actually, well... exists on the server. However, I can confirm without a doubt that no matter which account's SAM Account Name I use, I receive the same result from the call. Additionally, Microsoft's ActiveDirectoryMembershipProvider has no trouble authenticating against the same SAM Account Name and I am able to find the object using that information with the DirectorySearcher class. The only differences I can identify between the development network and deployment is that the deployment environment's DC is a Windows Server 2003 box, whereas locally I am developing with a Windows Server 2008 DC. What might I be overlooking?
For some reason, the problem lay in the path to the domain controller. Describing the path as DC=box123,DC=dom did not work, but using the path box123.dom did. Can't say why, and it's not a behavior I can duplicate on the local domain, but that resolved the issue.
EDIT:
Upon further investigation, the construction DC=box123,DC=dom when pared down to DC=dom functioned correctly as well. I don't understand the dynamics of the addressing, but I was able to determine the trouble by displaying the path to a sample user using a DirectorySearcher object, which revealed the path to my user to be: LDAP://box123.dom/CN=username/CN=Users/DC=dom
这篇关于UserPrincipal.FindByIdentity 坚持“服务器上没有这样的对象".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
相关文章
如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?How to use Servicestack Authentication with Active Directory/Windows Authentication?(如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份- 如何从 C# 中的显示名称获取 Active Directory 中的用户名?How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
- Active Directory 帐户的 Oauth 2 令牌Oauth 2 token for Active Directory accounts(Active Directory 帐户的 Oauth 2 令牌)
- 在 ASP.NET Core 中使用 DirectoryServicesWorking with DirectoryServices in ASP.NET Core(在 ASP.NET Core 中使用 DirectoryServices)
- 在 .NET (C#) 中创建 Active Directory 用户Create Active Directory user in .NET (C#)(在 .NET (C#) 中创建 Active Directory 用户)
- LdapConnection 与 PrincipalContextLdapConnection vs. PrincipalContext(LdapConnection 与 PrincipalContext)