C# – FindByIdentity failing with PrincipalOperationException in ASP.NET webapp

active-directory asp.net c# visual-studio

I'm struggling with an issue in utilizing System.DirectoryServices.AccountManagement in my internal web application. The error is not very descriptive, but here's what's going on:

When I attempt to validate that a provided user id exists in the AD, I do so with the following code:

using System.DirectoryServices.AccountManagement;

// Returns true if the supplied account name resolves to a user in the domain.
private bool IsWindowsIDValid(string strWindowsID)
{
    // No credentials supplied: the LDAP bind runs as the calling process identity.
    var context = new PrincipalContext(ContextType.Domain, "DOMAINSERVER", "DC=DOMAINNAME,DC=net");
    var userPrincipal = UserPrincipal.FindByIdentity(context, strWindowsID);
    return (userPrincipal != null);
}

However, an exception is thrown at the second line, where FindByIdentity is called. Here are the exception details:

Message:
"An operations error occurred."

Stack trace:

at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at *****.IsWindowsIDValid(String strWindowsID) in *****.ascx.cs:line 193

This same error occurs if I attempt to examine the ConnectedServer property of the PrincipalContext as well. However, I can attempt to validate credentials against the context (using context.ValidateCredentials()), and it will pass just fine.

Any ideas as to what may be going on? I can run this code just fine in a stand-alone console script on my machine – this is occurring in my local development environment, inside Visual Studio, when I attempt to debug the webapp. Is this a permissions issue or something else perhaps? I'm pretty lost at this point.

I appreciate any help!

-Patrick

Best Answer

An old question, but I had this same error. For me, the problem is that PrincipalContext doesn't work without a username and password in its constructor... I get the exact same error message whenever I call any method or property of the UserPrincipal (or on the PrincipalContext for that matter).

If you specify a username and password of a domain user with Active Directory permissions to the container you're specifying, the call to FindByIdentity should succeed:

// Bind explicitly as a domain user that has permissions on the target container.
var context = new PrincipalContext(ContextType.Domain, "DOMAINSERVER",
                                   "DC=DOMAINNAME,DC=net", userName, pw);
var userPrincipal = UserPrincipal.FindByIdentity(context, strWindowsID);

For me, this isn't a solution, because I won't have those two parameters. But that's why you're getting the error you're getting.

According to Microsoft's help, doing it your way should run under the credentials of the calling process... but no matter who I'm running under (and I've verified the impersonation) calls to a UserPrincipal object without specifying a username and pw on its PrincipalContext just won't work.

Hope that belatedly helps, James
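As an added example (not code from the question or the answer above): a version of the lookup that disposes its directory objects, binds with Negotiate plus signing and sealing, and on failure logs which Windows identity actually attempted the bind, so the "is this a permissions issue" question can be answered from the log rather than guessed. The service-account name and password are assumed to come from the application's protected configuration (never a literal in source); the placeholder domain names are the question's own.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class AdUserLookup
{
    // Placeholders copied from the question; replace with your own values.
    private const string DomainServer = "DOMAINSERVER";
    private const string Container = "DC=DOMAINNAME,DC=net";

    // Returns true if windowsId is an existing sAMAccountName in the domain.
    // serviceUser/servicePassword are assumed to be read from protected config;
    // when they are null the bind runs as the process (or impersonated) identity.
    public static bool IsWindowsIdValid(string windowsId,
                                        string serviceUser = null,
                                        string servicePassword = null)
    {
        // Kerberos/NTLM bind with integrity and confidentiality on the LDAP session.
        // Avoid ContextOptions.SimpleBind without SecureSocketLayer: it sends the
        // password in clear text.
        var options = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

        try
        {
            using (var context = serviceUser == null
                ? new PrincipalContext(ContextType.Domain, DomainServer, Container, options)
                : new PrincipalContext(ContextType.Domain, DomainServer, Container, options,
                                       serviceUser, servicePassword))
            // Restrict matching to sAMAccountName so a DN, SID or GUID supplied by a
            // caller is not silently accepted as a different identity form.
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, windowsId))
            {
                return user != null;
            }
        }
        catch (PrincipalOperationException ex)
        {
            // "An operations error occurred" is raised from the lazy bind inside
            // FindByIdentity; record the identity that performed it so that an
            // unprivileged app-pool or impersonated account is visible in the log.
            string who = WindowsIdentity.GetCurrent()?.Name ?? "<unknown>";
            Console.Error.WriteLine($"LDAP bind to {DomainServer} failed as '{who}': {ex.Message}");
            throw;
        }
    }
}
```

Run the lookup once with no credentials and once with the service account; if only the second succeeds, the logged identity from the first attempt is the account that lacks rights on the container.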
