C# Active Directory PrincipalContext / UserPrincipal.IsMemberOf error

My first guess would be that the user account you're running this code under doesn't have the necessary permissions to query Active Directory.

To fix this, basically you need to change your constructor from this:

PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);

(establishes a connection to AD with the current, default credentials this code is running under)

to this:

PrincipalContext ADDomain = 
   new PrincipalContext(ContextType.Domain, "DOMAIN", useraccount, password);

and provide a username and password for a user account that you know has sufficient privileges to query Active Directory.

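The two constructor forms the answer contrasts, side by side in one helper, as an added example that is not code from the answer or from the question. It assumes three appSettings keys in web.config, "AdDomain", "AdQueryUser" and "AdQueryPassword" (names chosen here, not from the page), and the class and method names AdGroupCheck, OpenDomainContext and IsUserInGroup are hypothetical. It goes beyond the answer in two ways: when an explicit service account is configured it uses the six-argument PrincipalContext overload with ContextOptions so the LDAP session is signed and sealed rather than sent in clear text, and it returns false instead of throwing when FindByIdentity finds no such user.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices.AccountManagement;

// Added example, not from the answer or question above.
// appSettings keys "AdDomain", "AdQueryUser", "AdQueryPassword" are assumed names.
public static class AdGroupCheck
{
    // Builds the directory context once, so callers share one credential policy.
    private static PrincipalContext OpenDomainContext()
    {
        string domain   = ConfigurationManager.AppSettings["AdDomain"];
        string user     = ConfigurationManager.AppSettings["AdQueryUser"];
        string password = ConfigurationManager.AppSettings["AdQueryPassword"];

        if (string.IsNullOrEmpty(user))
        {
            // No service account configured: bind as the identity the process runs
            // under (on IIS, the application pool identity). This is the form from
            // the question; it fails when that identity cannot query the domain.
            // A null domain name means "the domain of the current identity".
            return new PrincipalContext(ContextType.Domain, domain);
        }

        // Explicit service account, the form the answer recommends.
        // Negotiate selects Kerberos or NTLM; Signing and Sealing request an
        // integrity-protected and encrypted LDAP session.
        return new PrincipalContext(
            ContextType.Domain,
            domain,
            null,                                  // container: search the whole domain
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
            user,
            password);
    }

    // Returns true if userID is a member of groupName, false if the user does not exist.
    public static bool IsUserInGroup(string userID, string groupName)
    {
        using (PrincipalContext ctx = OpenDomainContext())
        using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userID))
        {
            if (user == null)
            {
                return false; // unknown user: avoid a NullReferenceException
            }

            return user.IsMemberOf(ctx, IdentityType.Name, groupName.Trim());
        }
    }
}
```

Usage is `AdGroupCheck.IsUserInGroup("jdoe", "Domain Users")`. Leaving "AdQueryUser" empty keeps the default-credential path, which is the right choice when the IIS application pool itself runs as a domain account that is permitted to query the directory; that avoids storing a password in web.config at all. When a password is stored, it should be a dedicated read-only query account, and the web.config section holding it should be encrypted or otherwise kept out of source control.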
Author by Seril

Updated on June 18, 2022

Comments

  • Seril almost 2 years

    So I have a question I'm honestly not quite sure how to ask. Essentially I have a bit of code that works fantastically on my local machine when I run it. Once I publish it to our development web server, it fails. I'm not sure if it's an IIS setup issue, web.config issue or a coding issue.

    Here's the snippet of code:

        using System.DirectoryServices.AccountManagement;

        // Returns true when userID is a member of groupName in the current domain.
        public bool IsUserInGroup(string userID, string groupName)
        {
            bool isMember = false;

            // Binds to AD with the credentials the current process runs under.
            using (PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID))
            {
                // FindByIdentity returns null when no such user exists.
                if (user != null && user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
                {
                    isMember = true;
                }
            }

            return isMember;
        }


    Where I pass in a user name and a group and it tells me if that user's a member of that group. No problem. Works great on my machine. I went to publish that code to the webserver and it fails when it hits the line

    UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);


    it throws this error:

    [DirectoryServicesCOMException (0x80072020): An operations error occurred.]
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
    System.DirectoryServices.DirectoryEntry.Bind() +44
    System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
    System.DirectoryServices.PropertyValueCollection.PopulateList() +29
    System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
    System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163
    System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521217
    System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
    System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141
    System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
    System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
    System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
    Cosmic.Web.Login.btnSubmit_Click(Object sender, EventArgs e) in C:\cosmic\Cosmic.Web\Login.aspx.cs:79
    System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691

    Any ideas where this could be failing?

  • Seril over 12 years
    You know what, that's what it was. The webserver doesn't have the right credentials to hit Active Directory. Put some credentials in there and it works quite a bit better. Thanks!