2

I have a problem getting UserPrincipal from Active Directory. First of all, on my local environment (using the ASP.NET Development Server, not IIS) I used:

```csharp
User usr = new User();
usr.SoeId = Request.ServerVariables["LOGON_USER"];
usr.IP = Request.ServerVariables["REMOTE_ADDR"];
usr.FirstName = UserPrincipal.Current.GivenName;
usr.LastName = UserPrincipal.Current.Surname;
```

And it works fine. I got what I want. But when I install the application on the testing environment I get the error "Object reference not set to an instance of an object". I have tried the solution from here.

```csharp
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain))
{
    UserPrincipal up = UserPrincipal.FindByIdentity(pc, usr.SoeId);
    return up.DisplayName;
    // or return up.GivenName + " " + up.Surname;
}
```

But it does not work.

I use Windows authentication. Impersonation is set to true. Please help me.

Community
Kamil
  • 2
    Please show more code than just UserPrincipal.Current.GivenName; we need to see how you are instantiating the object variable – MethodMan Oct 02 '12 at 14:56
  • Is ["Allow anonymous"](http://technet.microsoft.com/en-us/library/cc731244(v=ws.10).aspx) turned off in IIS? – PHeiberg Oct 02 '12 at 15:06
  • Yes the anonymous authentication is disabled. I use IIS 7.0 and Windows Server 2008 if it has any meaning. – Kamil Oct 02 '12 at 15:09
  • Yeah, I had a problem like that. Just double-check what the security permissions are on IIS, and which user is running your application: if this user doesn't have enough permission in AD, your code is gonna fail like what you have. – Bestter Oct 02 '12 at 15:10
  • I have even tried to log in as Administrator and it still doesn't work. The username of Request.ServerVariables["LOGON_USER"] is "DOMAIN\Administrator" – Kamil Oct 02 '12 at 15:23

2 Answers

4

Change the identity of your application pool to run as a domain user.

In IIS 6, right-click your application pool, go to the Identity tab and set a domain user under which the pool will run.

In IIS 7, right-click your application pool and select Advanced Settings; under Process Model you'll find Identity. Change it to use a domain user.

You can also pass a domain user and password to the PrincipalContext constructor:

```csharp
using (PrincipalContext context = new PrincipalContext(
                                    ContextType.Domain,
                                    "name of your domain",
                                    "container of your domain",
                                    "user@domain", // create a user in the domain for context creation purposes; this username will be constant, so you can keep it in app config
                                    "password"))
{
    // Use the context declared above (the original snippet referenced an undeclared "pc").
    UserPrincipal up = UserPrincipal.FindByIdentity(context, usr.SoeId);
    return up.DisplayName;
}
```

If your domain name is dom.com then your container would be something like DC=dom,DC=com, and the user name should be given as user@dom.com or dom\user.

th1rdey3
  • I use IIS 7 but I don't have DomainUser under Identity. I can choose only LocalService, LocalSystem, NetworkService and ApplicationPoolIdentity (which I set first). – Kamil Oct 02 '12 at 15:56
  • @Kamil is your IIS server inside the domain or outside the domain? – th1rdey3 Oct 06 '12 at 15:02
  • I'm experiencing a similar problem with an internal-only web app. I have IIS 7, but there is no 'domain user' under "Built-in account". Seeing the same things Kamil experiences in the above comment. Suggestions? – shubniggurath Oct 21 '13 at 16:09
  • I am trying to. I'm unsure what the domain name is, the container is...and...if I set a static user (in active directory), will it still be pulling from the user currently on the site? – shubniggurath Oct 21 '13 at 17:11
  • 1
    You will pass `PrincipalContext` a static user and then use `UserPrincipal.FindByIdentity` to find the user currently on site. – th1rdey3 Oct 21 '13 at 17:37
  • Cool! So that static user will need to be set up in AD, yes? – shubniggurath Oct 22 '13 at 17:33
  • 1
    yes, but I am not sure if that static user needs to be in the administrator group. – th1rdey3 Oct 22 '13 at 18:00
  • I have tried everything I know to try. I think my problem, the underlying problem perhaps of everything, is that Environment.UserName (or System.Environment.UserName) is not working at all on the IIS server. This could be because I can't set the applicationpool to Domain user...because it's not an option. How would I set that up custom? – shubniggurath Oct 22 '13 at 21:27
  • 1
    Have a custom membership provider class that inherits the `ActiveDirectoryMembershipProvider` class. Then in your `ValidateUser` method call `base.ValidateUser(username,password)`. Use web config to set the LDAP connection string and provider. – th1rdey3 Oct 23 '13 at 04:08
1

Use this:

```csharp
// find currently logged in user
UserPrincipal adUser = null;
using (HostingEnvironment.Impersonate())
{
    var userContext = System.Web.HttpContext.Current.User.Identity;
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, ConfigurationManager.AppSettings["AllowedDomain"], null,
        ContextOptions.Negotiate | ContextOptions.SecureSocketLayer);
    adUser = UserPrincipal.FindByIdentity(ctx, userContext.Name);
}
```

You must wrap any 'context' calls in HostingEnvironment.Impersonate

Beau D'Amore
  • 3,174
  • 5
  • 24
  • 56
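
The lookup from both answers combined, as an added example that is not code from either answer: it binds with a dedicated lookup account over an encrypted connection and handles the case where `FindByIdentity` finds no match instead of dereferencing null. The class name and the `AdContainer`, `AdLookupUser` and `AdLookupPassword` settings keys are hypothetical, and it assumes the domain controllers accept LDAPS.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices.AccountManagement;

public static class AdUserLookup   // hypothetical helper, not from the page
{
    // Returns the display name for a logon name such as "DOMAIN\jsmith",
    // or null when the request is anonymous or the directory has no match.
    public static string GetDisplayName(string logonUser)
    {
        if (string.IsNullOrWhiteSpace(logonUser))
            return null; // LOGON_USER is empty when no user was authenticated

        // LOGON_USER arrives as "DOMAIN\user"; search on the account part only.
        int slash = logonUser.IndexOf('\\');
        string sam = slash >= 0 ? logonUser.Substring(slash + 1) : logonUser;

        // Settings keys are assumptions (AllowedDomain is the key used in the
        // second answer). Keep the password out of source control and use a
        // dedicated low-privilege account for the bind.
        var cfg = ConfigurationManager.AppSettings;

        using (var ctx = new PrincipalContext(
            ContextType.Domain,
            cfg["AllowedDomain"],     // e.g. dom.com
            cfg["AdContainer"],       // e.g. DC=dom,DC=com
            ContextOptions.Negotiate | ContextOptions.SecureSocketLayer,
            cfg["AdLookupUser"],      // e.g. user@dom.com
            cfg["AdLookupPassword"]))
        using (UserPrincipal up = UserPrincipal.FindByIdentity(
            ctx, IdentityType.SamAccountName, sam))
        {
            // FindByIdentity returns null when nothing matches; dereferencing
            // it is one source of "Object reference not set to an instance
            // of an object".
            if (up == null)
                return null;

            // Read the values while the context is still open and return
            // plain strings rather than the principal itself.
            return up.DisplayName ?? (up.GivenName + " " + up.Surname).Trim();
        }
    }
}
```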