我想创建一个内联网网站,可以查找用户的电子邮件地址的基础上他们的Active Directory用户名。
I am trying to create a intranet website which can look up a users email address based on their Active Directory username.
我在web.config中的以下内容:
I have the following in my web.config:
<authentication mode="Windows"/>
<identity impersonate="true"/>
和我能获得用户的用户名与
And I can obtain the the users UserName with:
Environment.UserName
运行在本地主机,下面的code可以让我查询了广告并获得电子邮件:
Running on localhost, the following code allows me to query the AD and obtain the email:
public string GetADUser(string userName)
{
DirectoryEntry entry = new DirectoryEntry();
// get a DirectorySearcher object
DirectorySearcher search = new DirectorySearcher(entry);
// specify the search filter
search.Filter = "(&(objectClass=user)(anr=" + userName + "))";
// specify which property values to return in the search
search.PropertiesToLoad.Add("mail"); // smtp mail address
// perform the search
SearchResult result = search.FindOne();
string email = string.Empty;
if (result != null)
{
if (result.Properties["mail"].Count == 1)
{
email = result.Properties["mail"][0].ToString();
}
else
{
email = "no email";
}
}
else
{
email = "not found";
}
return email;
}
大,这code认证使用我的凭据默认情况下,允许我传递一个用户名和查找用户的电子邮件地址。
Great, this code authenticates using my credentials by default and allows me to pass in a username and look up the users email address.
不过,当我上传这个测试code到服务器中,code停止,如果我浏览到该网站从任何地方以外的其他本地主机的工作。
However, when I upload this test code to the server, the code stops working if I browse to the site from anywhere other than localhost.
[COMException (0x80072020): An operations error occurred.]
谷歌搜索这表明我有一个权限问题。
Googling this reveals that I have a permissions issue.
要解决这个问题我已经尝试设置为我的凭据的应用程序池标识,但是这仍然没有让code搜索广告。
To get around this I have tried setting the application pool identity to my credentials but this still does not allow the code to search the AD.
该网站的身份验证在IIS中配置如下(已启用的项目标记以&lt;&LT;):
The website authentication is configured in IIS as follows (enabled items tagged with <<):
Anonymous Authentication:Disabled
ASP.NET Impersonation:Enabled <<
Basic Authentication:Disabled
Digest Authentication:Disabled
Forms Authentication:Disabled
Windows Authentication:Enabled <<
它甚至有可能做什么,我想干什么? 我在想什么?
Is it even possible to do what I am trying to do? What am I missing?
确定我发现这个问题。
在此情况下,具有 ASP.NET模拟:启用
在IIS和我的web.config中发生冲突与我所配置的应用程序池标识。 (我认为)。
In this case, having ASP.NET Impersonation:Enabled
in IIS and my Web.Config was conflicting with the Application Pool identity I had configured. (I think).
在我设置的应用程序池标识使用适当的帐户验证查询AD,残疾人模拟和剩余的运行时间 Windows身份验证:启用
我能得到网站查询AD不传递任何凭据在我的code。
Once I set the application pool identity to run using an appropriate account authenticated to query the AD, disabled Impersonation and left Windows Authentication:Enabled
I was able to get the website to query the AD without passing any credentials in my code.