我有一个配置为使用Windows身份验证的asp.net MVC应用程序。我正在尝试使用这个从UserPrincipal获取组。适用于Windows的AD用户组
UserPrincipal.Current.GetGroups()
这适用于从Visual Studio运行但在IIS上承载时失败。应用程序池配置为集成管道和网络服务标识。下面抛出错误:
Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'."
我试图冒充代码
WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;
using (WindowsImpersonationContext wic = identity.Impersonate())
{
PrincipalContext context = new PrincipalContext(ContextType.Domain, "DOMAIN NAME");
UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "User Name");
}
FindByIdentity抛出错误。
000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
如何从AD获取当前用户组?
你是怎么解决这个问题的? – Bargitta 2016-02-05 06:42:22