UserPrincipal.FindByIdentity() always returns null
By using IdentityType.Name, you're telling it that the value you're passing is the name of the account (which is the cn attribute). If you want to match by username (the sAMAccountName attribute), you'll need to pass IdentityType.SamAccountName.
Old answer: But you seem to be sending it the email address. So that will indeed always return nothing.
AD does not consider an email address to be a unique identifier, so you cannot use FindByIdentity with an email address.
Here is an example on how to search by email address: http://doogalbellend.blogspot.ca/2012/03/finding-userprincipal-for-email-address.html
Comments
-
MSOACC almost 2 years
I am using LdapAuthentication to log a user into Active Directory. I want to find all the groups that the user belongs to. I am using the following code:
    string adPath = "LDAP://OU=HR Controlled Users,OU=All Users,DC=myDomain,DC=local";
    LdapAuthentication adAuth = new LdapAuthentication(adPath);
    try
    {
        if (true == adAuth.IsAuthenticated("myDomain", txtLoginEmail.Text, txtLoginPassword.Text))
        {
            string email = txtLoginEmail.Text;
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
            {
                UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, email);
                foreach (var group in user.GetGroups())
                {
                    Console.WriteLine(group.Name);
                }
            }
        }
    }
    catch (Exception e)
    {
        /* Handle Error */
    }
My problem is that when I call UserPrincipal.FindByIdentity() I always get a null value, even though the user authentication works as intended.
Why is this happening? Is there a problem with the code or with my approach? This is running inside an ASP.NET 4.0 WebForms application.
Update:
Apparently I have been using the wrong IdentityType (cn). I checked in debug and the name of the account is "UserA".
So I tried using the following code manually:
UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.Name, "UserA");
But still I get null.
Update 2 (solved):
The issue was twofold. I needed to specify the name of my domain controller when declaring the PrincipalContext.

    using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "myDomain"))
    {
        // code here...
    }

Then, when searching for the UserPrincipal I was using the wrong IdentityType; I was searching with IdentityType.Name - which is the name of the account - instead of IdentityType.SamAccountName - which is the username.

    UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, email);
Issue solved.
-
MSOACC almost 8 years
Thanks for responding :) That label is actually the username which is not an email address, my colleague must have misnamed it. Whether that makes a difference or not? Anyway, I have updated the question with more details and I will check out the link that you posted. PS. There may be mismatches in the name of the domain but I have entered those manually to preserve the privacy of my company.
-
MSOACC almost 8 years
Boom, got it to work based on your help. I will update with the working code / problem solved.
-
Gabriel Luci almost 8 years
Similar issue, but easier solution :) to match by username, you need to use IdentityType.SamAccountName.
-
Nathan McKaskle over 6 years
This isn't working for me, it's still null and I'm passing the sAMAccountName and the type is right it's just not returning anything for some reason even though the user does exist.
-
Gabriel Luci over 6 years
So you're calling UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username), where username is the sAMAccountName and you're getting nothing? Is context pointing at the right domain? (do you have more than one domain in your environment?)