UserPrincipal.FindByIdentity throws PrincipalServerDownException

Time: 2013-04-23 15:20:39

Tags: c# active-directory directoryservices account-management userprincipal

I have an application that needs to bind to a remote customer's Active Directory in order to perform authentication tasks.

using System.DirectoryServices.AccountManagement;

// Returns the user when the account exists and the supplied password is valid, otherwise null.
UserPrincipal Authenticate(string username, string password)
{
    using (var ctx = new PrincipalContext(ContextType.Domain, "customer.org", "ou=people,dc=customer,dc=org", ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind, "bindaccount@customer.org", "password"))
    {
        var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username); // after several seconds, throws PrincipalServerDownException

        if (user == null) return null; // user doesn't exist

        // check if the account is locked out, etc. (omitted)

        // quickly validate credentials
        if (!ctx.ValidateCredentials(username, password, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind)) return null; // bad credentials

        return user;
    }
}

The exception is:

PrincipalServerDownException: The server could not be contacted.

at System.DirectoryServices.AccountManagement.ADStoreCtx.GetAsPrincipal(Object storeObject, Object discriminant)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

Until today, things were fine. One change is that the application running this code was upgraded from .NET 4 to 4.5. I can't tell whether the problem appeared immediately after the upgrade or whether that is just a coincidence.

I have been using AdFind to test binding to the customer's AD, and it seems to work fine.

Another interesting thing is that the PrincipalContext initializes fine (thereby validating its connection to the remote store), and if I comment out the FindByIdentity call so that only ctx.ValidateCredentials is called, that also works fine.

1 answer:

Answer 0 (score: 3)

Actually, 4.5 may well be the problem. Some changes have been made to the "secure" UserPrincipal.FindByIdentity. They tend to break code in cross-domain and workgroup => domain scenarios.

You have at least two possibilities:

  • Revert to 4.0
  • Use DirectoryEntry instead
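The DirectoryEntry route the answer suggests, as an added example that is neither the answerer's nor the asker's code: it reproduces the question's flow (look up by sAMAccountName over LDAPS with a simple bind, skip disabled accounts, then validate the password by binding as the user). The server name, search base, account names and the LdapsAuth class are assumptions.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class LdapsAuth
{
    // Assumed values: the customer's LDAPS endpoint, search base and lookup account.
    const string Server = "dc.customer.org:636";
    const string Root = "ou=people,dc=customer,dc=org";
    const string BindUser = "bindaccount@customer.org";
    // Without AuthenticationTypes.Secure this is a simple bind (like ContextOptions.SimpleBind);
    // SecureSocketsLayer keeps the clear-text password off the wire.
    const AuthenticationTypes Auth = AuthenticationTypes.SecureSocketsLayer;

    // RFC 4515 escaping so a username such as "*)(objectClass=*" cannot widen the search filter.
    public static string EscapeFilter(string s) =>
        s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");

    // Returns the user's DN when the account exists, is enabled and the password binds; otherwise null.
    public static string Authenticate(string username, string password, string bindPassword)
    {
        // An empty password is an anonymous (unauthenticated) bind on many LDAP servers, which would "succeed".
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return null;

        using (var root = new DirectoryEntry("LDAP://" + Server + "/" + Root, BindUser, bindPassword, Auth))
        using (var searcher = new DirectorySearcher(root,
                   "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(username) + "))",
                   new[] { "distinguishedName", "userAccountControl" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null) return null;                                               // user doesn't exist

            if (((int)hit.Properties["userAccountControl"][0] & 0x2) != 0) return null;  // ACCOUNTDISABLE flag
            string dn = (string)hit.Properties["distinguishedName"][0];

            // Validate the credentials by binding as the user; a simple bind takes the DN (or UPN),
            // not a bare sAMAccountName.
            try
            {
                using (var asUser = new DirectoryEntry("LDAP://" + Server + "/" + dn, dn, password, Auth))
                {
                    var _ = asUser.NativeObject;                                        // forces the bind; throws on bad credentials
                }
                return dn;
            }
            catch (COMException) { return null; }                                       // bad credentials, or server unreachable
        }
    }
}
```

Because the second bind uses the DN returned by the lookup rather than the raw input, a wrong or malformed username can only fail the search, never change which object the password is checked against.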