在试图检索授权组时,发生了一个错误(5)

时间:2022-02-10 21:52:42

This error is what I get if I run the application on the server, but not locally. Why is this happening on the server and not locally???

如果我在服务器上运行应用程序,而不是在本地运行,就会出现这个错误。为什么会发生在服务器上而不是本地???

List<GroupPrincipal> result = new List<GroupPrincipal>();

// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);

// if found - grab its groups
if (user != null)
{
//here happens the error on server.
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

Please help me.

请帮助我。

stack trace:

堆栈跟踪:

   [PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.]
   System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) +317263
   System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) +441
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() +78
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups() +11
   IntegrationApp.App_Code.ActiveDir.GetGroups(String userName) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\DAL\ActiveDir.cs:54
   IntegrationApp.App_Code._3_Tier.BAL.DatabaseBAL.BepaalDefaultNiveau2(String melder) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\BAL\DatabaseBAL.cs:75
   IntegrationApp.Detailscherm.VulLijsten() in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:89
   IntegrationApp.Detailscherm.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:30
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

4 个解决方案

#1


10  

I found another solution to get access to the GROUPS:

我找到了另一种方法来获得这些群组:

PrincipalSearchResult<Principal> groups = user.GetGroups();

#2


3  

Under what identity is your process running on the server? Most likely, that user does not have the correct rights to access your Active Directory.

您的进程在服务器上运行的身份是什么?很可能,该用户没有访问您的活动目录的正确权限。

Can you test if it works with this constructor of PrincipalContext?

你能测试它是否与PrincipalContext的构造函数一起工作吗?

PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, "MY.DOMAIN.HERE", "USERNAME", "PASSWORD");

If that works, you probably want to create a dedicated domain user for your app to run under.

如果可以,您可能希望为应用程序创建一个专用的域用户。

#3


3  

I found that membership in the Windows Authorization Access Group is required to execute GetAuthorizationGroups.

我发现执行GetAuthorizationGroups需要获得Windows授权访问组中的成员资格。

See the following article: http://support.microsoft.com/kb/331951

请参阅以下文章:http://support.microsoft.com/kb/331951

#4


2  

Just a guess, but it sounds like an issue with the trust levels. See if the info contained here helps:

只是一个猜测,但这听起来像是信任级别的问题。看看这里包含的信息是否有用:

Are you running it as an administrator on your box and a more limited account on the server?

您是否以管理员的身份在您的box上运行它,在服务器上运行更有限的帐户?

If so, I would try running it at full trust on the server (if you can) to see if the problem goes away.

如果是这样,我将尝试在服务器上完全信任它(如果可以),看看问题是否会消失。

#1


10  

I found another solution to get access to the GROUPS:

我找到了另一种方法来获得这些群组:

PrincipalSearchResult<Principal> groups = user.GetGroups();

#2


3  

Under what identity is your process running on the server? Most likely, that user does not have the correct rights to access your Active Directory.

您的进程在服务器上运行的身份是什么?很可能,该用户没有访问您的活动目录的正确权限。

Can you test if it works with this constructor of PrincipalContext?

你能测试它是否与PrincipalContext的构造函数一起工作吗?

PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, "MY.DOMAIN.HERE", "USERNAME", "PASSWORD");

If that works, you probably want to create a dedicated domain user for your app to run under.

如果可以,您可能希望为应用程序创建一个专用的域用户。

#3


3  

I found that membership in the Windows Authorization Access Group is required to execute GetAuthorizationGroups.

我发现执行GetAuthorizationGroups需要获得Windows授权访问组中的成员资格。

See the following article: http://support.microsoft.com/kb/331951

请参阅以下文章:http://support.microsoft.com/kb/331951

#4


2  

Just a guess, but it sounds like an issue with the trust levels. See if the info contained here helps:

只是一个猜测,但这听起来像是信任级别的问题。看看这里包含的信息是否有用:

Are you running it as an administrator on your box and a more limited account on the server?

您是否以管理员的身份在您的box上运行它,在服务器上运行更有限的帐户?

If so, I would try running it at full trust on the server (if you can) to see if the problem goes away.

如果是这样,我将尝试在服务器上完全信任它(如果可以),看看问题是否会消失。