最近,在 IIS 7 上运行的一个传统应用程序被移植到了 Azure App Service。
该应用程序使用 WebMatrix(Simple Membership)和 Active Directory 作为成员提供者。在 Azure App Service 上托管后,我们得到了 Access Denied 错误
web.config
<membership defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
<add name="AD1MembershipProvider" description="Active Directory"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
applicationName="appName" connectionStringName="AD1ConnectionString"
connectionUsername="..." connectionPassword="..."
connectionProtection="None"
enableSearchMethods="true" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<connectionStrings>
<add name="AD1ConnectionString" connectionString="LDAP://something.DIR/DC=something,DC=something,DC=DIR" />
</connectionStrings>
应用程序在启动时给出了这个错误。
[COMException]: Access is denied.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.ActiveDirectory.DirectoryContext.IsContextValid(DirectoryContext context, DirectoryContextType contextType)
[UnauthorizedAccessException]: Access is denied.
at System.DirectoryServices.ActiveDirectory.DirectoryContext.IsContextValid(DirectoryContext context, DirectoryContextType contextType)
at System.DirectoryServices.ActiveDirectory.DirectoryContext.isServer()
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at System.Web.Security.DirectoryInformation.InitializeDomainAndForestName()
at System.Web.Security.ActiveDirectoryMembershipProvider.Initialize(String name, NameValueCollection config)
at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
[ConfigurationErrorsException]: Access is denied.
(D:\home\site\wwwroot\web.config line 106)
at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
at System.Web.Configuration.ProvidersHelper.InstantiateProviders(ProviderSettingsCollection configProviders, ProviderCollection providers, Type providerType)
at System.Web.Security.Membership.InitializeSettings(Boolean initializeGeneralSettings, RuntimeConfig appConfig, MembershipSection settings)
at System.Web.Security.Membership.Initialize()
at System.Web.Security.Membership.get_Providers()
at WebMatrix.WebData.WebSecurity.PreAppStartInit()
at WebMatrix.WebData.PreApplicationStartCode.Start()
[InvalidOperationException]: The pre-application start initialization method Start on type WebMatrix.WebData.PreApplicationStartCode threw an exception with the following error message: Access is denied.
(D:\home\site\wwwroot\web.config line 106).
at System.Web.Compilation.BuildManager.InvokePreStartInitMethodsCore(ICollection`1 methods, Func`1 setHostingEnvironmentCultures)
at System.Web.Compilation.BuildManager.InvokePreStartInitMethods(ICollection`1 methods)
at System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded)
at System.Web.Compilation.BuildManager.ExecutePreAppStart()
at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException)
[HttpException]: The pre-application start initialization method Start on type WebMatrix.WebData.PreApplicationStartCode threw an exception with the following error message: Access is denied.
(D:\home\site\wwwroot\web.config line 106).
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
我们尝试禁用 WebMatrix 在两个 providers 和 roleManager 但即使 ActiveDirectoryMembershipProvider 给出同样的错误。
有什么建议吗?