问题
I have the same web app working in three others servers. Anyone have any idea why is not working in the 4th server? See the error and stacktrace:
An operations error occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details:
System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[DirectoryServicesCOMException (0x80072020): An operations error occurred. ] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +454 System.DirectoryServices.DirectoryEntry.Bind() +36 System.DirectoryServices.DirectoryEntry.get_AdsObject() +31 System.DirectoryServices.PropertyValueCollection.PopulateList() +22
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +96
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +142 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +1134 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +37 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +124 System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable'1 identityType, String identityValue, DateTime refDate) +14
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) +73
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +25
Infraero.TINE3.STTEnterprise.Web.Common.Seguranca.ServicoAutenticacao.EfetuarLogin(AcessoUsuario acessoUsuario, String senha) in D:\SVN\STT\trunk\4-0_CodigoFonte_Enterprise\4-4_SRC\Infraero.TINE3.STTEnterprise.Web\Common\Seguranca\ServicoAutenticacao.cs:34 Infraero.TINE3.STTEnterprise.Web.Controllers.LoginController.ValidarUsuarioAD(String matricula, String senha, AcessoUsuario acessoUsuario) in D:\SVN\STT\trunk\4-0_CodigoFonte_Enterprise\4-4_SRC\Infraero.TINE3.STTEnterprise.Web\Controllers\LoginController.cs:92 Infraero.TINE3.STTEnterprise.Web.Controllers.LoginController.ValidarUsuario(String matricula, String senha) in D:\SVN\STT\trunk\4-0_CodigoFonte_Enterprise\4-4_SRC\Infraero.TINE3.STTEnterprise.Web\Controllers\LoginController.cs:80 Infraero.TINE3.STTEnterprise.Web.Controllers.LoginController.Index(LoginViewModel loginViewModel) in D:\SVN\STT\trunk\4-0_CodigoFonte_Enterprise\4-4_SRC\Infraero.TINE3.STTEnterprise.Web\Controllers\LoginController.cs:54 lambda_method(Closure , ControllerBase , Object[] ) +108
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +17
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary'2 parameters) +208
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary'2 parameters) +27
System.Web.Mvc.<>c__DisplayClass15.b__12() +55 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func'1 continuation) +263
System.Web.Mvc.<>c__DisplayClass17.b__14() +19 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList'1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +191
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
System.Web.Mvc.Controller.ExecuteCore() +116
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97 System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
System.Web.Mvc.<>c__DisplayClassb.b__5() +37
System.Web.Mvc.Async.<>c__DisplayClass1.b__0() +21
System.Web.Mvc.Async.<>c__DisplayClass8'1.b__7(IAsyncResult _) +12 System.Web.Mvc.Async.WrappedAsyncResult'1.End() +62 System.Web.Mvc.<>c__DisplayClasse.b__d() +50
System.Web.Mvc.SecurityUtil.b__0(Action f) +7 System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8963149 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
EfetuarLogin Method:
public static bool EfetuarLogin(User user, string password)
{
bool isValid = false;
if (user != null)
{
PrincipalContext context = new PrincipalContext(ContextType.Domain);
using (context)
{
isValid = context.ValidateCredentials(user.Login, password);
if (isValid)
{
UserPrincipal userAD = UserPrincipal.FindByIdentity(context, user.Login);
MySession.CurrentUser = new MyUserSession()
{
Id = user.Id,
ProfileId = user.ProfileId ,
Login = user.Login ,
Name = userAD.Name
};
}
}
}
return isValid;
}
回答1:
I had exactly the same error and fixed it by changing the site's application pool to run under the Network Service.
In IIS:
- Select your site's application pool
- Select Advanced Settings on the right-hand side
- On the Advanced Settings pop-up window, scroll down to the Process Model group
- Change the first option called Identity to NetworkService (mine was set to the default ApplicationPoolIdentity).
I hope this helps.
回答2:
I know this topic is old but just for future people who will be looking for this issue Just use this method to execute the code with Elevate privileges
using (HostingEnvironment.Impersonate()) {
// This code runs as the application pool user
}
回答3:
There isn't an InnerException
in this case, it's just wrapping a COM error.
Almost certainly it's because your Application Pool identity does not have permission to access Active Directory.
回答4:
In my case, switching from ApplicationPoolItentity to NetworkService in the app pool did work BUT it not preferred "because services running as Network Service can tamper with other services that run under the same identity" per the following link: (http://www.iis.net/learn/manage/configuring-security/application-pool-identities).
I ran the hotfix (KB2545850) on the server and rebooted per this answer:(DirectoryServicesCOMException 80072020 From IIS 7.5 Site Running Under ApplicationPoolIdentity)
It appears to be working well now.
Background on my task: Upgrading apps from .net framework 2.0 on Server 2003 to .net framework 4.0 on Server 2008 R2.
回答5:
My Experience was little different with this Error. I had to move on-premise application to Azure, where the LDAP call was happening from on-premise, but not from Azure even after opening the required firewall.
I tried all solution mentioned above, but none of them was helpful. Network service was already selected on Azure VM.
After lot of hit and trial and research. I fixed it.
Solution: On-Premise server was having permission to access LDAP and did not required any UserName and Password. But on Azure, you need to specifically make LDAP call with username and Password. Below is the code which helped.
var directoryEntry= new DirectoryEntry(adspath, Username, Password)
回答6:
1 - Change application pool to run under the Network Service.
2 - Click on the Authentication and disable ASP.Net impersonation.
回答7:
So if you place a breakpoint on the line:
UserPrincipal userAD = UserPrincipal.FindByIdentity(context, user.Login);
and step through it, it generates the above exception which does not have any InnerExceptions?
According to the stack trace, that line is the beginning of the problem. The returned exception should have at least some other information in it as to why it was thrown.
InnerException Concatenator
The following method takes the top level exception and returns a tab and linebreak formatted breakdown of the inner exceptions as a string.
private static string InnerExceptionConcatenator(Exception ex, int tabTracker = 0)
{
string retVal = "";
if (ex.InnerException != null)
{
tabTracker ++;
retVal = string.Format( "{0}\r\n{1}{2}", ex.Message, new String('\t', tabTracker), InnerExceptionConcatenator(ex.InnerException));
}
else
{
retVal = ex.Message;
}
return retVal;
}
You can call it thusly:
try
{
}
catch(ex Exception)
{
var exceptionString = InnerExceptionConcatenator(ex);
var path = @"c:\temp\exception.txt";
if (!File.Exists(path))
{
using (StreamWriter sw = File.CreateText(path))
{
sw.WriteLine(exceptionString);
}
}
else
{
using (StreamWriter sw = File.AppendText(path))
{
sw.WriteLine(exceptionString);
}
}
}
来源:https://stackoverflow.com/questions/13688031/system-directoryservices-directoryservicescomexception-an-operations-error-occu