While trying to retrieve the authorization groups,

2019-01-20 07:44发布

问题:

This error is what I get if I run the application on the server, but not locally. Why is this happening on the server and not locally???

List<GroupPrincipal> result = new List<GroupPrincipal>();

// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);

// if found - grab its groups
if (user != null)
{
//here happens the error on server.
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

Please help me.

stack trace:

   [PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.]
   System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) +317263
   System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) +441
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() +78
   System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups() +11
   IntegrationApp.App_Code.ActiveDir.GetGroups(String userName) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\DAL\ActiveDir.cs:54
   IntegrationApp.App_Code._3_Tier.BAL.DatabaseBAL.BepaalDefaultNiveau2(String melder) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\App_Code\3-Tier\BAL\DatabaseBAL.cs:75
   IntegrationApp.Detailscherm.VulLijsten() in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:89
   IntegrationApp.Detailscherm.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\mta\My Documents\IntegrationApp\IntegrationApp\Detailscherm.aspx.cs:30
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

回答1:

I found another solution to get access to the GROUPS:

PrincipalSearchResult<Principal> groups = user.GetGroups();


回答2:

Under what identity is your process running on the server? Most likely, that user does not have the correct rights to access your Active Directory.

Can you test if it works with this constructor of PrincipalContext?

PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, "MY.DOMAIN.HERE", "USERNAME", "PASSWORD");

If that works, you probably want to create a dedicated domain user for your app to run under.



回答3:

I found that membership in the Windows Authorization Access Group is required to execute GetAuthorizationGroups.

See the following article: http://support.microsoft.com/kb/331951



回答4:

Just a guess, but it sounds like an issue with the trust levels. See if the info contained here helps:

  • http://msdn.microsoft.com/en-us/library/ff648243.aspx
  • http://www.csharp411.com/executing-code-in-partial-trust-environments/

Are you running it as an administrator on your box and a more limited account on the server?

If so, I would try running it at full trust on the server (if you can) to see if the problem goes away.