DirectoryServicesCOMException on IIS7 with System.DirectoryServices.AccountManagement but not in dev

2

The following code works fine on my dev PC but crashes when deployed to the server:

using System.DirectoryServices.AccountManagement;
using System.Linq; // needed for Select() and ToArray() below

using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
{
    if (grp == null) return new string[0];

    return grp.GetMembers(true).Select(m => m.SamAccountName).ToArray();
}

The crash is as follows:

[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +439513
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.PropertyValueCollection.PopulateList() +22
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +96
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +141
   System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +1134
   System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +37
   System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +124
   System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) +86
   System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) +29
   WebApp.WebForm1.Test() in C:\MyProject\trunk\WebApp\WebForm1.aspx.cs:30

Scenario:

  • IIS7 on domain-joined Windows Server 2008 x64
  • ASP.NET 4 intranet application
  • All authentication modes off in IIS apart from Integrated Windows Authentication
  • App pool configured to run as a domain user

Web.config as follows:

<authentication mode="Windows" />
<authorization>
  <deny users="?"/>
</authorization>
<identity impersonate="true" />

System.Security.Principal.WindowsIdentity.GetCurrent().Name returns my AD username in production correctly, so I think that means impersonation is working correctly.

c#
iis-7
active-directory
windows-server-2008
directoryservices
asked on Stack Overflow Sep 4, 2012 by tomfanning

2 Answers

0

I was having a similar issue.

I was getting this error only after deploying to the web server; it was working perfectly on my machine.

I found that, on the server, in IIS, Impersonation had remained checked along with Windows Authentication.

By removing this impersonation in IIS, the error was gone.

answered on Stack Overflow Feb 8, 2013 by Ram

0

I had a very similar problem. Solved it by running my App Pool as NetworkService. I'm also using Windows Authentication like you.

answered on Stack Overflow Feb 21, 2013 by Neville
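
A narrower variant of what the two answers describe, as an added example that is not code from the question or either answer: impersonation stays on for the rest of the request, and only the directory query runs under the app pool identity. It assumes the bind fails because the impersonated caller's token is what gets presented to the domain controller; `GroupLookup` and `GetGroupMembers` are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;
using System.Web.Hosting;

// Hypothetical helper class, not part of the original post.
public static class GroupLookup
{
    public static string[] GetGroupMembers(string domainName, string groupName)
    {
        if (string.IsNullOrWhiteSpace(domainName))
            throw new ArgumentException("Domain name is required.", "domainName");
        if (string.IsNullOrWhiteSpace(groupName))
            throw new ArgumentException("Group name is required.", "groupName");

        // With <identity impersonate="true" /> the thread carries the
        // authenticated browser user's token at this point.
        string caller = WindowsIdentity.GetCurrent().Name;

        // HostingEnvironment.Impersonate() switches the thread to the
        // application (app pool) identity and restores the caller's token
        // when the returned context is disposed.
        using (HostingEnvironment.Impersonate())
        using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
        using (var grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
        {
            // Record both identities so the query can be attributed to the
            // requesting user even though the app pool account performs it.
            Trace.TraceInformation(
                "Group lookup '{0}' requested by {1}, executed as {2}",
                groupName, caller, WindowsIdentity.GetCurrent().Name);

            if (grp == null) return new string[0];

            return grp.GetMembers(true)
                      .Select(m => m.SamAccountName)
                      .ToArray();
        }
    }
}
```

Because the query then runs with the app pool account's directory permissions rather than the caller's, any per-user restriction on which groups may be listed has to be enforced by the application itself.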

User contributions licensed under CC BY-SA 3.0