IIS 7.5中的Windows身份验证因信任关系异常而失败

Question

我有一个ASP.Net 2.0应用程序,它使用集成的Windows身份验证来验证/授权用户.该应用程序在Windows XP/IIS 5.1,Windows Server 2008/IIS 7和Windows Vista/IIS 7上正常运行.当我尝试在Windows 7/IIS 7.5上运行此应用程序时,出现以下异常:The trust relationship between this workstation and the primary domain failed.

堆栈跟踪如下:

[SystemException: The trust relationship between this workstation and the primary domain failed.
]
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1085
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +46
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +128
   System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +229
   System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +354
   System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +245
   System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +11153304
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

web.config文件包含与身份验证/授权相关的以下信息:

<authentication mode="Windows" />
<authorization>
  <!--Deny anonymous users-->
  <deny users="?"/>
  <allow roles="domain\GroupWithAccess"/>
  <deny users="*"/>
</authorization>

我在研究此错误时发现的大多数结果表明问题与域中的计算机帐户损坏有关,并将解决方案列为重新加入域.我已经这样做但错误仍然出现."正常"域操作正常(访问UNC共享,登录等).

出于兼容性原因,此应用程序在Classic .Net AppPool中运行.我尝试将AppPool的身份更改为"NetworkService",但错误仍然存​​在.

任何帮助是极大的赞赏.

Answer 1

在Windows Server 2008 R2上遇到同样的问题后,我终于找到了答案.从这篇文章:

在Windows 2008 R2服务器上禁用以下策略,运行gpupdate/force并重新启动服务器.

"计算机配置\ Windows设置\安全设置\本地策略\安全选项"

域成员:对安全通道数据进行数字加密或签名(始终)
域成员:对安全通道数据进行数字加密(如果可能)
域成员:对安全通道数据进行数字签名(如果可能)

我可以确认这也解决了Windows 7上的问题.