SharePoint Foundation AD Custom Claims Provider

  • Tuesday, May 1, 2012 19:25


    We are developing a custom AD claims provider for SharePoint Foundation.

    Unfortunately the DirectorySearcher keeps throwing an error

    using System;
    using System.DirectoryServices;
    using System.Runtime.InteropServices;
    using System.Web.Security;

    private static MembershipUser GetUserFromAD(string searchFilter)
    {
        MembershipUser membershipUserObject = null;
        string userPrincipalName = string.Empty;
        string samAccountName = string.Empty;
        string displayName = string.Empty;

        try
        {
            // Bind to RootDSE to discover the domain's default naming context.
            // DirectoryEntry binds lazily, so the LDAP bind happens on first use.
            string defaultNamingContext;
            using (DirectoryEntry RootDSE = new DirectoryEntry("LDAP://RootDSE"))
            {
                defaultNamingContext = RootDSE.Properties["defaultNamingContext"].Value.ToString();
            }

            using (DirectoryEntry ADEntry = new DirectoryEntry("LDAP://" + defaultNamingContext))
            using (DirectorySearcher ADSearch = new DirectorySearcher(ADEntry))
            {
                ADSearch.Filter = searchFilter;
                ADSearch.SearchScope = SearchScope.Subtree;
                ADSearch.PropertiesToLoad.Add("samAccountName");
                ADSearch.PropertiesToLoad.Add("userPrincipalName");
                ADSearch.PropertiesToLoad.Add("displayName");

                SearchResult ADSearchResult = ADSearch.FindOne();
                if (ADSearchResult != null)
                {
                    ResultPropertyCollection props = ADSearchResult.Properties;
                    if (props["samAccountName"].Count > 0) samAccountName = props["samAccountName"][0].ToString();
                    if (props["userPrincipalName"].Count > 0) userPrincipalName = props["userPrincipalName"][0].ToString();
                    if (props["displayName"].Count > 0) displayName = props["displayName"][0].ToString();
                    // The posted snippet ends at FindOne(); how the MembershipUser
                    // is built from these values was not shown in the post.
                }
            }
        }
        catch (COMException)
        {
            // Fails with "An operations error occurred" (0x80072020) when the
            // bind runs as an unauthenticated identity; see the trace below.
            throw;
        }

        return membershipUserObject;
    }

    Throws:

    System.Runtime.InteropServices.COMException was caught
      Message=An operations error occurred.

      Source=System.DirectoryServices
      ErrorCode=-2147016672
      StackTrace:
           at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
           at System.DirectoryServices.DirectoryEntry.Bind()
           at System.DirectoryServices.DirectoryEntry.get_AdsObject()
           at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
           at System.DirectoryServices.DirectorySearcher.FindOne()
           at NFA.Security.FormsAuthentication.GetUserFromAD(String searchFilter)
      InnerException:

    _COMPlusExceptionCode -532459699

    *Any* assistance in determining what is wrong would be appreciated.

    Google has not been my friend this week.

All Replies

  • Thursday, May 3, 2012 19:48

     Answered

    Ha

    After determining that the code was executing as the anonymous user, but having no idea why...

    we came upon

    http://support.microsoft.com/kb/2686411

    Sharepoint impersonates the IUSR account and is denied access to resources

         <add key="aspnet:AllowAnonymousImpersonation" value="true" />

    To enable this setting, you must have IIS 7 or IIS 7.5 running in Integrated mode. When this setting is enabled, the application runs under the security context of the IUSR identity.
    Additionally, creating a Forms-based Authentication Web Application will enable the setting and set it to true.

    Changed value to "false" and on to the next issue.

    I really can't think of a reason this behavior would be considered beneficial.

    In what world does using forms authentication make it a sensible default to have all code run as anonymous?

    Anyways - asked and answered.

    • Marked as answer by nfts, Thursday, May 3, 2012 19:49
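As an added illustration (not code from the original thread), a pre-flight check that detects the condition the answer describes before the bind is attempted: it reads aspnet:AllowAnonymousImpersonation, inspects the identity the request is running as, and maps the COMException from the question (-2147016672, i.e. 0x80072020, ERROR_DS_OPERATIONS_ERROR) to a message naming the identity that was used. AdBindPreflight and its method names are hypothetical, and a reference to System.Configuration is assumed.

```csharp
using System;
using System.Configuration;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper, not from the original thread: fail fast with a readable
// diagnosis when an LDAP operation is about to run as the anonymous IIS identity.
internal static class AdBindPreflight
{
    // The HRESULT the post shows: -2147016672 == 0x80072020 (ERROR_DS_OPERATIONS_ERROR).
    private const int DsOperationsError = unchecked((int)0x80072020);
    // Returns null when the security context looks usable for a domain bind,
    // otherwise a message naming the cause and the web.config fix from KB2686411.
    public static string DescribeContextProblem()
    {
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        string allowAnon = ConfigurationManager.AppSettings["aspnet:AllowAnonymousImpersonation"];
        bool runningAsAnonymous = current.IsAnonymous ||
            current.Name.EndsWith("\\IUSR", StringComparison.OrdinalIgnoreCase);
        if (runningAsAnonymous)
        {
            return "Directory access would run as '" + current.Name + "' (aspnet:AllowAnonymousImpersonation=" +
                   (allowAnon ?? "<unset>") + "). Set it to \"false\" so code runs as the application pool account.";
        }
        if (string.Equals(allowAnon, "true", StringComparison.OrdinalIgnoreCase))
        {
            return "aspnet:AllowAnonymousImpersonation is true: unauthenticated requests will bind to AD as IUSR.";
        }
        return null;
    }
    // Runs the caller's directory operation (e.g. () => ADSearch.FindOne()) and turns
    // the opaque 0x80072020 COMException into an exception that names the identity used.
    public static T RunDirectoryOperation<T>(Func<T> operation)
    {
        string problem = DescribeContextProblem();
        if (problem != null) throw new InvalidOperationException(problem);
        try
        {
            return operation();
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode != DsOperationsError) throw;
            throw new InvalidOperationException(
                "LDAP bind failed with ERROR_DS_OPERATIONS_ERROR while running as '" +
                WindowsIdentity.GetCurrent().Name + "'; this identity is not accepted by the domain controller.", ex);
        }
    }
}
```

Wrap the search from the question as `AdBindPreflight.RunDirectoryOperation(() => ADSearch.FindOne())`; with the setting left at "true" the failure is reported with the IUSR identity instead of the bare "An operations error occurred".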