UserPrincipals.GetAuthorizationGroups An error (1301) occurred while enumerating the groups. After upgrading to Server 2012 Domain Controller

陌清茗 2020-12-29 21:17

Research:

Similar Issue with workaround, but not actual solution to existing problem

Similar issue pointing to Microsoft End Point update as

10 answers
  •  庸人自扰
    2020-12-29 22:12

    We had a similar issue after upgrading the domain controller to 2012. Suddenly my call to user.GetAuthorizationGroups() started failing; I was getting the same exception you were (error 1301). So, I changed it to user.GetGroups(). That worked for a little while, then started failing intermittently on "bad username or password". My latest workaround appears to fix it, for the moment at least. Instead of calling either of those, after constructing the user object, I also construct a group object, one for each group I want to see if the user is a member of, i.e., "user.IsMemberOf(group)". That seems to work.

    // requires: using System.DirectoryServices.AccountManagement; using System.Web.Hosting;
    // userName, isAuthorized, firstName, lastName, adGroups and Log come from the enclosing method
    try
    {
        using (HostingEnvironment.Impersonate())
        {
            using (var principalContext = new PrincipalContext(ContextType.Domain, "MYDOMAIN"))
            {
                using (var user = UserPrincipal.FindByIdentity(principalContext, userName))
                {
                    if (user == null)
                    {
                        Log.Debug("UserPrincipal.FindByIdentity failed for userName = " + userName + ", thus not authorized!");
                        isAuthorized = false;
                    }

                    if (isAuthorized)
                    {
                        firstName = user.GivenName;
                        lastName = user.Surname;

                        // so this code started failing:

                        // var groups = user.GetGroups();
                        // adGroups.AddRange(from @group in groups where
                        // @group.Name.ToUpper().Contains("MYSEARCHSTRING") select @group.Name);

                        // so the following workaround, which calls, instead,
                        // "user.IsMemberOf(group)",
                        // appears to work (for now at least).  Will monitor for issues.

                        // test membership in SuperUsers
                        const string superUsersGroupName = "MyApp-SuperUsers";
                        using (var superUsers = GroupPrincipal.FindByIdentity(principalContext, superUsersGroupName))
                        {
                            if (superUsers != null && user.IsMemberOf(superUsers))
                            {
                                // add to the list of groups this user is a member of
                                // then do something with it later
                                adGroups.Add(superUsersGroupName);
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // assumption: the post's own handler is not shown; a failed directory lookup denies access
        Log.Debug("Group lookup failed for userName = " + userName + ": " + ex.Message);
        isAuthorized = false;
    }

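An added example, not part of the answer above: GetAuthorizationGroups returns nested security groups, so a per-group replacement check may need to cover nesting as well. Assuming IsMemberOf tests direct membership only, this helper asks Active Directory for transitive membership with the LDAP_MATCHING_RULE_IN_CHAIN matching rule and denies access on any lookup error; the class and method names are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

public static class GroupCheck // hypothetical helper, not code from the post
{
    // LDAP_MATCHING_RULE_IN_CHAIN: AD walks nested membership server-side.
    private const string InChain = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping so characters inside a DN cannot alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True only when the directory confirms direct or nested membership.
    // The member attribute does not list primary-group membership
    // (for example Domain Users), so that case returns false here.
    public static bool IsMemberOfTransitive(UserPrincipal user, GroupPrincipal targetGroup)
    {
        if (user == null || targetGroup == null) return false;
        try
        {
            // The entry is owned by the principal, so it is not disposed here.
            var groupEntry = (DirectoryEntry)targetGroup.GetUnderlyingObject();
            using (var searcher = new DirectorySearcher(groupEntry))
            {
                searcher.SearchScope = SearchScope.Base; // test this one group only
                searcher.Filter = "(member:" + InChain + ":="
                    + EscapeFilterValue(user.DistinguishedName) + ")";
                return searcher.FindOne() != null;
            }
        }
        catch (Exception) { return false; } // fail closed on any directory error
    }
}
```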