个人中心
gpt4 book ai didi

c# - 访问 Active Directory 所需的权限?

转载 作者:行者123 更新时间:2023-11-30 13:04:09 25 4
gpt4 key购买 nike

你好,

我在 IIS 中有一个运行此代码的服务主机:

DirectoryEntry objADAM = default(DirectoryEntry);
            // Binding object. 
            DirectoryEntry objGroupEntry = default(DirectoryEntry);
            // Group Results. 
            DirectorySearcher objSearchADAM = default(DirectorySearcher);
            // Search object. 
            SearchResultCollection objSearchResults = default(SearchResultCollection);
            // Binding path. 
            ActiveDirectory result = new ActiveDirectory();
            ActiveDirectoryItem treeNode;

            // Get the AD LDS object. 
            try
            {
                if (pathToAD.Length > 0)
                    objADAM = new DirectoryEntry(pathToAD);
                else
                    objADAM = new DirectoryEntry();
                objADAM.RefreshCache();
            }
            catch (Exception e)
            {
                throw e;
            }

            // Get search object, specify filter and scope, 
            // perform search. 
            try
            {
                objSearchADAM = new DirectorySearcher(objADAM);
                objSearchADAM.Filter = "(&(objectClass=group))";
                objSearchADAM.SearchScope = SearchScope.Subtree;
                objSearchResults = objSearchADAM.FindAll();
            }
            catch (Exception e)
            {
                throw e;
            }

            // Enumerate groups 
            try
            {
                if (objSearchResults.Count != 0)
                {
                    //SearchResult objResult = default(SearchResult);
                    foreach (SearchResult objResult in objSearchResults)
                    {
                        objGroupEntry = objResult.GetDirectoryEntry();
                        result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() { Id = objGroupEntry.Guid, ParentId = objGroupEntry.Parent.Guid, AccountName = objGroupEntry.Name, Type = ActiveDirectoryType.Group, PickableNode = false });

                        foreach (object child in objGroupEntry.Properties["member"])
                        {
                            treeNode = new ActiveDirectoryItem();
                            var path = "LDAP://" + child.ToString().Replace("/", "\\/");
                            using (var memberEntry = new DirectoryEntry(path))
                            {

                                if (memberEntry.SchemaEntry.Name.CompareTo("group") != 0 && memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid"))
                                {
                                    treeNode.Id = Guid.NewGuid();
                                    treeNode.ParentId = objGroupEntry.Guid;
                                    treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString();
                                    treeNode.Type = ActiveDirectoryType.User;
                                    treeNode.PickableNode = true;
                                    treeNode.FullName = memberEntry.Properties["Name"][0].ToString();

                                    byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];
                                    treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString();

                                    result.ActiveDirectoryTree.Add(treeNode);
                                }
                            }
                        }
                    }
                }
                else
                {
                    throw new Exception("No groups found");
                }
            }
            catch (Exception e)
            {
                throw new Exception(e.Message);
            }

            return result;

这在我的开发环境中运行良好,但在客户中我们遇到了这个异常:

指定的目录服务属性或值不存在

我想这可能与 Active Directory 的权限有关?

什么帐户需要 ActiveDirectory 以及需要什么级别的权限?

最佳答案

运行该线程的帐户需要具有对 AD 的读取权限。所有域帐户都具有此权限。

长话短说,验证 HttpContext.Current.User.Identity.Name 的值是域帐户。

如果 Web 应用程序被配置为具有匿名访问权限,那么它很可能不会。

关于c# - 访问 Active Directory 所需的权限?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10317166/

25 4 0
文章推荐: c# - GetKeyboardState 在远程桌面全屏模式下不起作用
文章推荐: javascript - 如何创建弹出(缓入)固定标题
文章推荐: javascript - 让 SlideJS 全屏工作
文章推荐: ios - 在 Google map 中显示带有独特数据的自定义标记
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com