7

So I have a question I'm honestly not quite sure how to ask. Essentially I have a bit of code that works fantastically on my local machine when I run it. Once I publish it to our development web server, it fails. I'm not sure if it's an IIS setup issue, web.config issue or a coding issue.

Here's the snippet of code

    bool isMember = false;

    PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);
    UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);

    if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
    {
        isMember = true;
    }

    return isMember;

Where I pass in a user name and a group and it tells me if that user’s a member in that group. No problem. Works great on my machine. I went to publish that code to the webserver and it fails when it hits the line

UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);

it throws this error:

[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163 System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521217
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
Cosmic.Web.Login.btnSubmit_Click(Object sender, EventArgs e) in C:\cosmic\Cosmic.Web\Login.aspx.cs:79
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3691

Any ideas where this could be failing?

Kiquenet
  • 14,494
  • 35
  • 148
  • 243
Seril
  • 499
  • 4
  • 9
  • 22

2 Answers2

17

My first guess would be: that user account you're running this code under doesn't have the necessary permissions to query Active Directory.

To fix this, basically you need to change your constructor from this:

PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain);

(establishes a connection to AD with the current, default credentials this code is running under)

to this:

PrincipalContext ADDomain = 
   new PrincipalContext(ContextType.Domain, "DOMAIN", useraccount, password);

and provide a username and password for a user account that you know has sufficient privileges to query Active Directory.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • 1
    You know what, that's what it was. The webserver doesn't have the right credentials to hit Active Directory. Put some credentials in there and it works quite a bit better. Thanks! – Seril Jan 03 '12 at 17:58
0

If you've got several seconds to spare waiting for your data form a large AD, then go ahead and use PrincipalContext but if you want your response in milliseconds, use DirectoryEntry, DirectorySearcher and .PropertiesToLoad.

Here's an example

https://stackoverflow.com/a/65986796/5248400

MikeZ
  • 1,155
  • 1
  • 13
  • 20