asp.net – IIS 7.5中的Windows身份验证因信任关系异常而失败

前端之家收集整理的这篇文章主要介绍了asp.net – IIS 7.5中的Windows身份验证因信任关系异常而失败前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个ASP.Net 2.0应用程序,它使用集成的 Windows身份验证来验证/授权用户.该应用程序在Windows XP / IIS 5.1,Windows Server 2008 / IIS 7和Windows Vista / IIS 7上正常工作.当我尝试在Windows 7 / IIS 7.5上运行此应用程序时,我得到以下异常:此之间的信任关系工作站和主域失败.

堆栈跟踪如下:

[SystemException: The trust relationship between this workstation and the primary domain Failed.
]
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts,Boolean& someFailed) +1085
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts,Type targetType,Boolean forceSuccess) +46
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +128
   System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles,IPrincipal principal) +229
   System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user,String verb) +354
   System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user,String verb) +245
   System.Web.Security.UrlAuthorizationModule.OnEnter(Object source,EventArgs eventArgs) +11153304
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously) +171

web.config文件包含与身份验证/授权相关的以下信息:

<authentication mode="Windows" />
<authorization&gt
  <!--Deny anonymous users--&gt
  <deny users="?"/&gt
  <allow roles="domain\GroupWithAccess"/&gt
  <deny users="*"/&gt
</authorization&gt

我在研究此错误时发现的大多数结果表明问题与域中的计算机帐户损坏有关,并将解决方案列为重新加入域.我已经这样做但错误仍然出现. “正常”域操作正常(访问UNC共享,登录等).

出于兼容性原因,此应用程序在Classic .Net AppPool中运行.我尝试将AppPool的身份更改为“NetworkService”,但错误仍然存​​在.

任何帮助是极大的赞赏.

解决方法

在Windows Server 2008 R2上遇到同样的问题后,我终于找到了答案.从 this article开始:

Disable the following policies on the Windows 2008 R2 server,run gpupdate /force and restart the server.

“Computer Configuration\Windows Setting\Security Settings\Local Policies\Security Option”

Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally encrypt secure channel data (When possible)
Domain Member: Digitally sign secure channel data (When possible)

我可以确认这也解决了Windows 7上的问题.

原文链接:https://www.f2er.com/aspnet/248696.html

猜你在找的asp.Net相关文章