Active Directory authentication issue after reconnect - C#

1

adding more info on @serialhobbyist's request

Hi all. We're (= me and my colleagues) using PrincipalContext from System.DirectoryServices.AccountManagement to retrieve some authentication info (make sure a user belongs to a group, etc.).

Important: our client is a service running as LocalSystem. This does not happen when we run in a normal process or when we change the service to run as a specific user.

Here's a code sample:

using System.DirectoryServices.AccountManagement;

// domain: DNS name of the AD domain; sid: the user's SID in SDDL form (S-1-5-...)
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain))
{
    Principal p = Principal.FindByIdentity(ctx, IdentityType.Sid, sid);
    // ... (group membership checks on p)
}

normally all works well (getting replies). once in a few hours (the trigger is not clear), or after a network disconnect and reconnect, (when our AD client disconnects, via network cable disconnect or VM adapter disable etc) we're getting this exception:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

Searching for the exception (0x80072020), I see it translates to LDAP_OPERATIONS_ERROR (actually used as a code value translation example here :) ). We inspected the traffic using Wireshark, and the exception is thrown before any LDAP query is sent.
After restarting our process everything is back to normal (we can validate successfully, no exceptions). Can anybody shed light on the matter? Any ideas how to achieve the equivalent of the cleanups done on process termination? Thanks!

Update: we've found a way around this and will supply the answer below. However, we'd rather find a simpler solution.

c#
active-directory
ldap
asked on Stack Overflow Sep 6, 2009 by Yonatan Karni • edited Oct 6, 2009 by Yonatan Karni

1 Answer

0

We've found a workaround here on MSDN, by querying LDAP directly using the DirectoryEntry + DirectorySearcher objects. This requires some rather nasty parsing (considering this isn't our main speciality) instead of working via existing objects. Using this approach, however, the condition described above isn't encountered. As mentioned above, we would appreciate a better solution using the existing objects.

answered on Stack Overflow Oct 6, 2009 by Yonatan Karni
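As an added illustration of the DirectoryEntry + DirectorySearcher approach the answer describes (example code written here, not the asker's), the following resolves a SID to its directory object with a fresh bind per call and reads the group DNs from memberOf. The `domainDns` value and the group DN passed to `IsDirectMemberOf` are assumed inputs; the limitation of memberOf versus the constructed tokenGroups attribute is standard Active Directory behaviour.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class LdapSidLookup
{
    // Escape a binary SID for an LDAP filter: every byte becomes \xx.
    static string EscapeSidForFilter(SecurityIdentifier sid)
    {
        var raw = new byte[sid.BinaryLength];
        sid.GetBinaryForm(raw, 0);
        var sb = new StringBuilder(raw.Length * 3);
        foreach (byte b in raw)
            sb.Append('\\').Append(b.ToString("x2"));
        return sb.ToString();
    }

    // Find the object with the given SID (SDDL form, e.g. "S-1-5-21-...") and
    // return the DNs in its memberOf attribute. A new DirectoryEntry is bound on
    // every call, so no connection state survives a network reconnect.
    public static List<string> GetDirectGroupDns(string domainDns, string sidString)
    {
        var sid = new SecurityIdentifier(sidString);
        var groups = new List<string>();

        // Binds as the calling account (the machine account under LocalSystem).
        using (var root = new DirectoryEntry("LDAP://" + domainDns))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(objectSid=" + EscapeSidForFilter(sid) + ")";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("memberOf");

            SearchResult hit = searcher.FindOne();
            if (hit == null)
                return groups;   // no such principal in this domain

            foreach (object dn in hit.Properties["memberOf"])
                groups.Add((string)dn);
        }
        return groups;
    }

    // Direct-membership check against a group's distinguishedName. memberOf omits
    // the primary group and nested memberships; read the constructed tokenGroups
    // attribute instead if the authorization decision must include those.
    public static bool IsDirectMemberOf(string domainDns, string sidString, string groupDn)
    {
        foreach (string dn in GetDirectGroupDns(domainDns, sidString))
            if (string.Equals(dn, groupDn, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }
}
```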

User contributions licensed under CC BY-SA 3.0