UserPrincipal from Active Directory
Solution 1
Change the identity of your ApplicationPool to run using a domain user.
In IIS 6, right-click your application pool, go to the Identity tab and set a domain user under which the pool will run.
In IIS 7, right-click your application pool, select Advanced Settings; under Process Model you'll find Identity. Change it to use a domain user.
You can also pass a domain user and password to the PrincipalContext constructor:
using (PrincipalContext pc = new PrincipalContext(
    ContextType.Domain,
    "name of your domain",
    "container of your domain",
    // Create a user in the domain for context creation purposes. This username
    // will be constant; you can keep it in app config.
    "user@domain",
    "password"))
{
    // Look up the signed-in user through the context created above.
    UserPrincipal up = UserPrincipal.FindByIdentity(pc, usr.SoeId);
    return up.DisplayName;
}
If your domain name is dom.com, then your container would be something like DC=dom,DC=com, and the user name should be given as user@dom.com or dom\user.
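The lookup from Solution 1 as an added example (not part of the original answer): it reads the lookup account from configuration instead of hard-coding it, strips the DOMAIN\ prefix from LOGON_USER, and checks for the null that FindByIdentity returns when nothing matches. The class name and the four appSettings keys are assumptions made for this sketch, as is the use of a low-privilege account for the lookup.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper; the class name and appSettings keys are assumptions.
public static class DirectoryLookup
{
    // Assumed appSettings keys: AdDomain, AdContainer, AdLookupUser, AdLookupPassword.
    // Keep the password out of source control; the appSettings section can be
    // encrypted with ASP.NET protected configuration.
    public static string GetDisplayName(string logonUser)
    {
        // LOGON_USER is empty when the request was not authenticated.
        if (string.IsNullOrWhiteSpace(logonUser))
            return null;

        // LOGON_USER arrives as DOMAIN\user; keep only the account name.
        int slash = logonUser.LastIndexOf('\\');
        string sam = slash >= 0 ? logonUser.Substring(slash + 1) : logonUser;

        var cfg = ConfigurationManager.AppSettings;
        using (var pc = new PrincipalContext(
            ContextType.Domain,
            cfg["AdDomain"],        // e.g. dom.com
            cfg["AdContainer"],     // e.g. DC=dom,DC=com
            // Kerberos/NTLM bind with signed and encrypted LDAP traffic.
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
            cfg["AdLookupUser"],    // dedicated lookup account (assumed low-privilege)
            cfg["AdLookupPassword"]))
        {
            // Match on sAMAccountName only, so the input is not interpreted
            // as a UPN, DN or SID.
            using (UserPrincipal up = UserPrincipal.FindByIdentity(
                pc, IdentityType.SamAccountName, sam))
            {
                // FindByIdentity returns null when no account matches.
                return up == null ? null : up.DisplayName;
            }
        }
    }
}
```

Call it as DirectoryLookup.GetDisplayName(Request.ServerVariables["LOGON_USER"]) and treat a null result as "user not found" rather than dereferencing it.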
Solution 2
Use this:
// find currently logged in user
UserPrincipal adUser = null;
using (HostingEnvironment.Impersonate())
{
    var userContext = System.Web.HttpContext.Current.User.Identity;
    PrincipalContext ctx = new PrincipalContext(
        ContextType.Domain,
        ConfigurationManager.AppSettings["AllowedDomain"],
        null,
        ContextOptions.Negotiate | ContextOptions.SecureSocketLayer);
    adUser = UserPrincipal.FindByIdentity(ctx, userContext.Name);
}
You must wrap any 'context' calls in HostingEnvironment.Impersonate
Kamil
Updated on June 14, 2022
Comments
-
Kamil almost 2 years
I have a problem with getting UserPrincipal from Active Directory. First of all, I used this on my local environment (using not IIS but the ASP.NET Development Server):
User usr = new User();
usr.SoeId = Request.ServerVariables["LOGON_USER"];
usr.IP = Request.ServerVariables["REMOTE_ADDR"];
usr.FirstName = UserPrincipal.Current.GivenName;
usr.LastName = UserPrincipal.Current.Surname;
And it works fine. I got what I want. But when I install the application on the testing environment I get the error "Object reference not set to an instance of an object". I have tried the solution from here.
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain))
{
    UserPrincipal up = UserPrincipal.FindByIdentity(pc, usr.SoeId);
    return up.DisplayName;
    // or return up.GivenName + " " + up.Surname;
}
But it does not work.
I use Windows authentication. Impersonation is set to true. Please help me.
-
Kamil over 11 years
I use IIS 7 but I don't have DomainUser under Identity. I can choose only LocalService, LocalSystem, NetworkService and ApplicationPoolIdentity (which I set first).
-
th1rdey3 over 11 years
@Kamil is your IIS server inside the domain or outside the domain?
-
shubniggurath over 10 years
I'm experiencing a similar problem with an internal-only web app. I have IIS 7, but there is no 'domain user' under "Built-in account". Seeing the same things Kamil experiences in the above comment. Suggestions?
-
shubniggurath over 10 years
I am trying to. I'm unsure what the domain name is, the container is...and...if I set a static user (in Active Directory), will it still be pulling from the user currently on the site?
-
th1rdey3 over 10 years
You will pass PrincipalContext a static user and then use UserPrincipal.FindByIdentity to find the user currently on site.
-
shubniggurath over 10 years
Cool! So that static user will need to be set up in AD, yes?
-
th1rdey3 over 10 years
Yes, but I am not sure if that static user needs to be in the administrator group.
-
shubniggurath over 10 years
I have tried everything I know to try. I think my problem, the underlying problem perhaps of everything, is that Environment.UserName (or System.Environment.UserName) is not working at all on the IIS server. This could be because I can't set the application pool to Domain user...because it's not an option. How would I set that up custom?
-
th1rdey3 over 10 years
Have a custom membership provider class that inherits the ActiveDirectoryMembershipProvider class. Then in your ValidateUser method call base.ValidateUser(username,password). Use web config to set the LDAP connection string and provider.