System.DirectoryServices - The server is not operational

I get an error from a website on which I use Windows Authentication.

Strange things:

  • It only occurs if the user is not yet saved in the database (new unknown user)
  • It only appears on the live system; everything is fine in the local development environment.

This is what I get in a logging mail:

Source: System.DirectoryServices

Message: The server is not operational.

Trace:
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Smarthouse.Labs.DataAccess.UserListManager.SaveUser(String windowsUserName)

This is how I implement the DirectorySearch:

private void SaveUser(string windowsUserName)
{
    string[] domainAndUser = windowsUserName.Split('\\');
    string domain = domainAndUser[0];
    string username = domainAndUser[1];

    DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain);
    DirectorySearcher search = new DirectorySearcher(entry);

    try
    {
       //Bind to the native AdsObject to force authentication.
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        search.PropertiesToLoad.Add("sn");
        search.PropertiesToLoad.Add("givenName");
        search.PropertiesToLoad.Add("mail");

        SearchResult result = search.FindOne();

        if (result == null)
        {
            throw new Exception("No results found in Windows authentication.");
        }

        User userToSave = new User();
        userToSave.FirstName = (String) result.Properties["givenName"][0];
        userToSave.LastName = (String) result.Properties["sn"][0];
        userToSave.Email = (String) result.Properties["mail"][0];
        userToSave.Username = windowsUserName;
        userToSave.Guid = Guid.NewGuid();

        SaveUser(userToSave);
    }
    catch (Exception ex)
    {
        throw new Exception("Error authenticating user. " + ex.Message, ex);
    }
    finally
    {
        //Dispose entry and search to prevent a memory leak
        entry.Dispose();
        search.Dispose();
    }
}

If more code examples are needed, just tell me.

12
windowsUserName = MyDomainName\\taikahar
added by Tai Kahar
domain = MyDomainName (fyi: the local intranet it is working with)
added by Tai Kahar

4 answers

The problem is that you are using a "plain" domain name to bind to - this won't work in LDAP. Actually, if you try to bind to LDAP://MyDomain, what you are really doing is trying to bind to the server called MyDomain.

You need a valid LDAP bind string: LDAP://dc=yourdomain,dc=local or something like that.

To find out what your default LDAP binding context is, use this code snippet:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");

if (deRoot != null)
{
   string defaultNamingContext = deRoot.Properties["defaultNamingContext"].Value.ToString();
}

Once you have that string, use it as the bind string to your LDAP server.

If you are on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context -- no domain name needed, uses default domain 
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);

if(user != null)
{
  //do something here....     
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

18
Although part 1 worked, I don't know why (bound ADs have this?). I don't know a lot of the why. I'm porting an application that uses bind strings to a new domain; the old LDAP string was LDAP://[fqdn]/OU=...DC=..., the new one LDAP://OU=...,DC=... I'm very suspicious :) Anyway, it worked, thanks.
added by RandomUs1r
I'll look at this on Monday. Thank you very much :) I had to fix other things on live websites and this is low priority.
added by Tai Kahar
Sorry, I didn't find time to answer for a while. I tried this locally (correct domain) and everything seems fine. I hope it works on the live system too.
added by Tai Kahar
I finally got around to this and changed to System.DirectoryServices.AccountManagement. It is easy to use and hopefully fixes the errors.
added by Tai Kahar
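
As an added example (not code from the question or the answers), the lookup can resolve the search root from RootDSE as the answer above suggests, while also escaping the account name before it goes into the LDAP filter and tolerating accounts without a mail attribute. The names DirectoryLookup, EscapeFilterValue, FirstOrNull and FindMail are hypothetical, and the serverless bind assumes the web server is joined to the domain being searched.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example; class and helper names are hypothetical, not from the posts above.
public static class DirectoryLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns null when the attribute is absent instead of throwing on [0].
    private static string FirstOrNull(SearchResult r, string attr) =>
        r.Properties[attr].Count > 0 ? r.Properties[attr][0] as string : null;

    // Returns the user's mail attribute, or null if the user or the attribute is missing.
    public static string FindMail(string windowsUserName)
    {
        string[] parts = windowsUserName.Split('\\');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
            throw new ArgumentException("Expected DOMAIN\\user", nameof(windowsUserName));

        // Serverless bind: ask RootDSE for the naming context instead of "LDAP://" + domain.
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var root = new DirectoryEntry("LDAP://" + rootDse.Properties["defaultNamingContext"].Value))
        using (var search = new DirectorySearcher(root))
        {
            search.Filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(parts[1]) + "))";
            search.PropertiesToLoad.Add("mail");
            SearchResult result = search.FindOne();
            return result == null ? null : FirstOrNull(result, "mail");
        }
    }
}
```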

To add to marc_s's answer above, I needed to search multiple domains. So for each domain I did the following:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://" +"DomainName"+ "/RootDSE");
string defaultNamingContext = "LDAP://" + deRoot.Properties["defaultNamingContext"].Value.ToString();
DirectoryEntry mySearchRoot = new DirectoryEntry(defaultNamingContext);
DirectorySearcher myDirectorySearcher = new DirectorySearcher(mySearchRoot);
1

You can use bind strings in the format LDAP://mydomain.com:389. I kept getting "Access is denied" when trying to use the format LDAP://DC=mydomain,DC=com. After switching to the LDAP://mydomain.com:389 format, I used the AuthenticationTypes.ServerBind flag when constructing my DirectoryEntry. This was in Azure App Service.

0

A similar error happened to me (although it happened all the time, not in specific cases as described here) because of a wrong Active Directory connection string. I used the corp one instead of the prod one. If one exists, use something that works for other applications in your organization.

0