問題描述

我在使用 Windows 身份驗證的網(wǎng)站上收到錯誤消息.

I get an error by a website, on which I use Windows Authentication.

奇怪的事情:

• 僅在用戶尚未保存到數(shù)據(jù)庫中時發(fā)生(新的未知用戶)
• 僅在實時系統(tǒng)上出現(xiàn)，在本地開發(fā)環(huán)境中一切正常

這是我在日志郵件中收到的內(nèi)容:

This is what I get in a logging mail:

來源:System.DirectoryServices

Source : System.DirectoryServices

消息:服務(wù)器無法運行.

Message: The server is not operational.

跟蹤:
在 System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
在 System.DirectoryServices.DirectoryEntry.Bind()
在 System.DirectoryServices.DirectoryEntry.get_AdsObject()
在 System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
在 System.DirectoryServices.DirectorySearcher.FindOne()
在 Smarthouse.Labs.DataAccess.UserListManager.SaveUser(String windowsUserName)

Trace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Smarthouse.Labs.DataAccess.UserListManager.SaveUser(String windowsUserName)

這就是我實現(xiàn) DirectorySearch 的方式:

This is how I implement DirectorySearch:

private void SaveUser(string windowsUserName)
{
    string[] domainAndUser = windowsUserName.Split('\');
    string domain = domainAndUser[0];
    string username = domainAndUser[1];

    DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain);
    DirectorySearcher search = new DirectorySearcher(entry);

    try
    {
        // Bind to the native AdsObject to force authentication.
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        search.PropertiesToLoad.Add("sn");
        search.PropertiesToLoad.Add("givenName");
        search.PropertiesToLoad.Add("mail");

        SearchResult result = search.FindOne();

        if (result == null)
        {
            throw new Exception("No results found in Windows authentication.");
        }

        User userToSave = new User();
        userToSave.FirstName = (String) result.Properties["givenName"][0];
        userToSave.LastName = (String) result.Properties["sn"][0];
        userToSave.Email = (String) result.Properties["mail"][0];
        userToSave.Username = windowsUserName;
        userToSave.Guid = Guid.NewGuid();

        SaveUser(userToSave);
    }
    catch (Exception ex)
    {
        throw new Exception("Error authenticating user. " + ex.Message, ex);
    }
    finally
    {
        //Dispose service and search to prevent leek in memory
        entry.Dispose();
        search.Dispose();
    }
}

如果需要更多代碼示例，請告訴我.

If more code examples are needed just tell me.

推薦答案

您的問題是您正在使用普通"域名進(jìn)行綁定 - 這在 LDAP 中不起作用.實際上，如果您嘗試綁定到 LDAP://MyDomain，您真正所做的是嘗試綁定到名為 服務(wù)器代碼>我的域.

Your problem is that you're using a "plain" domain name to bind - this won't work in LDAP. Actually, if you try to bind to LDAP://MyDomain, what you're really doing is trying to bind to the server called MyDomain.

您需要一個有效的 LDAP 綁定字符串 - 類似于 LDAP://dc=yourdomain,dc=local 之類的東西.

You need a valid LDAP bind string - something like LDAP://dc=yourdomain,dc=local or something.

要了解您的默認(rèn) LDAP 綁定上下文是什么，請使用以下代碼片段:

To find out what your default LDAP binding context is, use this code snippet:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");

if (deRoot != null)
{
   string defaultNamingContext = deRoot.Properties["defaultNamingContext"].Value.ToString();
}

獲得該字符串后 - 將其用作 LDAP 服務(wù)器的綁定字符串.

Once you have that string - use that as your bind string to your LDAP server.

如果您使用 .NET 3.5 及更高版本，您應(yīng)該查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空間.在此處閱讀所有相關(guān)信息:

And if you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 在 .NET Framework 3.5 中管理目錄安全主體
• System.DirectoryServices.AccountManagement 上的 MSDN 文檔

基本上，您可以定義域上下文并輕松找到 AD 中的用戶和/或組:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context -- no domain name needed, uses default domain 
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);

if(user != null)
{
   // do something here....     
}

新的 S.DS.AM 使在 AD 中與用戶和組一起玩變得非常容易！

The new S.DS.AM makes it really easy to play around with users and groups in AD!

這篇關(guān)于System.DirectoryServices - 服務(wù)器無法運行的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！