以下代碼在本地計算機上的Visual Studio Development環境中正常工作。然而,當我將文件移動到Windows 2008 R2的IIS 7.5的機器,我得到以下錯誤:在生產時出現Directory.Services錯誤
[DirectoryServicesCOMException (0x80072020): An operations error occurred. ] _Default.GetFullName(String strLoginName, String& STR_FIRST_NAME, String& STR_LAST_NAME, String& STR_DISPLAY_NAME, String& STR_MAIL, String& STR_OFFICE_PHONE, String& STR_ADDRESS) in c:\AuthTest\Default.aspx.cs:87 _Default.Page_Load(Object sender, EventArgs e) in c:\AuthTest\Default.aspx.cs:23
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25 System.Web.UI.Control.LoadRecursive() +71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064
我有IIS中啓用Windows身份驗證,所以我不知道如果我失去了別的東西。我的本地機器和Web服務器都在同一個域中。
這裏是我的代碼:
using System;
using System.DirectoryServices;
using System.Web.Hosting;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Gets the extracted User Name using a method.
string strUserID = ExtractUserName(User.Identity.Name.ToString());
string STR_FIRST_NAME;
string STR_LAST_NAME;
string STR_DISPLAY_NAME;
string STR_MAIL;
string STR_OFFICE_PHONE;
string STR_ADDRESS;
GetFullName(strUserID, out STR_FIRST_NAME, out STR_LAST_NAME, out STR_DISPLAY_NAME,
out STR_MAIL, out STR_OFFICE_PHONE, out STR_ADDRESS);
lblHello.Text = "Your User ID is: " + strUserID;
TextBox1.Text =
"Your name is: " + STR_FIRST_NAME + " " + STR_LAST_NAME + Environment.NewLine +
"Display Name: " + STR_DISPLAY_NAME + Environment.NewLine +
"Email address: " + STR_MAIL + Environment.NewLine +
"Office Phone: " + STR_OFFICE_PHONE + Environment.NewLine +
"Address: " + STR_ADDRESS;
}
//Retrives User Name from DomainName\\UserName
private static string ExtractUserName(string path)
{
string[] userPath = path.Split(new char[] { '\\' });
return userPath[userPath.Length - 1];
}
public static string GetFullName(string strLoginName,
out string STR_FIRST_NAME,
out string STR_LAST_NAME,
out string STR_DISPLAY_NAME,
out string STR_MAIL,
out string STR_OFFICE_PHONE,
out string STR_ADDRESS)
{
string userName = ExtractUserName(strLoginName);
SearchResult result = null;
using (HostingEnvironment.Impersonate())
{
DirectorySearcher search = new DirectorySearcher();
search.Filter = String.Format("(SAMAccountName={0})", userName);
search.PropertiesToLoad.Add("cn");
STR_FIRST_NAME = "";
STR_LAST_NAME = "";
STR_DISPLAY_NAME = "";
STR_MAIL = "";
STR_OFFICE_PHONE = "";
STR_ADDRESS = "";
try
{
result = search.FindOne();
foreach (System.Collections.DictionaryEntry direntry in result.Properties)
{
STR_FIRST_NAME = result.GetDirectoryEntry().Properties["givenName"].Value.ToString();
STR_LAST_NAME = result.GetDirectoryEntry().Properties["SN"].Value.ToString();
STR_DISPLAY_NAME = result.GetDirectoryEntry().Properties["DisplayName"].Value.ToString();
STR_MAIL = result.GetDirectoryEntry().Properties["mail"].Value.ToString();
STR_OFFICE_PHONE = result.GetDirectoryEntry().Properties["telephoneNumber"].Value.ToString();
STR_ADDRESS = result.GetDirectoryEntry().Properties["streetAddress"].Value.ToString();
}
return null;
}
catch (Exception ex)
{
throw ex;
}
}
}
}
再次一切正常我的本地計算機上的測試VS環境。我可能在IIS中缺少某種配置?
在此先感謝。
哇謝謝。將ApplicationPoolIdentity切換到NetworkService的確有竅門。在研究你所建議的內容時,我發現在以前版本的IIS中提到的一些信息,所有的AppPools作爲網絡服務運行,但是給每個AppPools自己的身份提供增強。現在是否使用網絡服務身份驗證不良習慣? – kmc5117
很高興幫助。從根本上分離應用程序池標識是當今最好的做法,以減少每個IIS應用程序被佔用的空間,以便有人能夠訪問帳戶。 –