C# Active Directory Error PrincipalContext / UserPrincipal.IsMemberOf

So, I have a question that I'm honestly not quite sure how to ask. Essentially, I have some code that works fantastically on my local machine when I run it. As soon as I publish it on our development web server, it fails. I'm not sure if this is a problem with installing IIS, a problem with web.config, or a problem with encoding.

Here is a snippet of code:

    bool isMember = false;
    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);
    UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
    if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
    {
        isMember = true;
    }
    return isMember;

I pass in the username and the group, and it tells me whether that user is a member of that group. No problems. Works great on my machine. I went to publish this code to a web server and it fails when it hits the line

 UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID); 

It throws this error:

[DirectoryServicesCOMException (0x80072020): An operation error occurred.]
System.DirectoryServices.DirectoryEntry.Bind (Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind () +44
System.DirectoryServices.DirectoryEntry.get_AdsObject () +42
System.DirectoryServices.PropertyValueCollection.PopulateList () +29
System.DirectoryServices.PropertyValueCollection..ctor (DirectoryEntry entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item (String propertyName) +163
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer () +521217
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit () +51
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize () +141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx () +42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper (PrincipalContext context, Type mainType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity (PrincipalContext context, String identityValue) +95
Cosmic.Web.Login.btnSubmit_Click (object sender, EventArgs e) in C:\cosmic\Cosmic.Web\Login.aspx.cs:79
System.Web.UI.WebControls.Button.RaisePostBackEvent (String eventArgument) +154
System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691

Any ideas why this might be failing?

+7
1 answer

My first guess: the user account that runs this code does not have the necessary permissions to query Active Directory.

To fix this, basically you need to change your constructor from this:

    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);

(establishes a connection to AD with the current default credentials this code is running under)

to this:

 PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, "DOMAIN", useraccount, password); 

and provide a username and password for a user account that you know has sufficient privileges to query Active Directory.

+17
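
The membership check from the question combined with the explicit-credential constructor from the answer, written as an added example (not code from the question or the answer). The class name and the three environment variable names are assumptions; the example also disposes the context, handles an unknown user, and denies membership when the directory query fails.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public static class AdGroupCheck
{
    // Assumed setting names (not from the original post). The query account
    // is read from the environment so its password never sits in source code.
    const string DomainVar = "AD_DOMAIN";
    const string UserVar = "AD_QUERY_USER";
    const string PasswordVar = "AD_QUERY_PASSWORD";

    public static bool IsMember(string userId, string groupName)
    {
        if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(groupName))
            return false;
        try
        {
            // Explicit credentials: the bind no longer depends on whichever
            // identity the web server runs the code under.
            using (var ctx = new PrincipalContext(ContextType.Domain,
                       Require(DomainVar), Require(UserVar), Require(PasswordVar)))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userId))
            {
                // FindByIdentity returns null for an unknown user: deny.
                if (user == null) return false;
                return user.IsMemberOf(ctx, IdentityType.Name, groupName.Trim());
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // The question's failure surfaces here with ErrorCode 0x80072020.
            Trace.TraceError("AD query failed: 0x{0:X8}", ex.ErrorCode);
            return false; // fail closed: a directory error never grants access
        }
        catch (PrincipalException ex)
        {
            // Covers an unreachable server and a group name that does not resolve.
            Trace.TraceError("AD principal lookup failed: {0}", ex.Message);
            return false;
        }
    }

    static string Require(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrEmpty(value))
            throw new InvalidOperationException("Missing setting: " + name);
        return value;
    }
}
```

The query account only needs read access to the directory, so give it nothing beyond that.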