Delegation not working on some computers

1

I have an ASP.NET application that uses delegation to perform actions on Active Directory as the authenticating user. The application works perfectly on some computers and doesn't work at all on others. On these other computers they receive a COMException with error code 0x80072020. The stack trace is:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at ResetUnlockAccount.ResetUnlockAccount.ExecuteImpersonation(String username)

The code that is throwing the error is:

WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;            
WindowsImpersonationContext ctx = null;
try
{
    ctx=winId.Impersonate();
    using (DirectoryEntry directoryObject = new DirectoryEntry(ROOT))
    {
        using (DirectorySearcher search = new DirectorySearcher(directoryObject))
        {                        
            search.Filter = "(&(objectClass=user)(SAMAccountName=username))";
            search.SearchScope = SearchScope.Subtree; 
            // This line is causing the issue.
            SearchResult result = search.FindOne();

            using (DirectoryEntry user = result.GetDirectoryEntry())
            {
                user.Invoke("SetPassword", new object[] { password });
                user.Properties["pwdLastSet"][0] = 0;
                user.CommitChanges();
                lblOutput.Text = "It worked";
            }
        }
    }

}
catch (Exception ex)
{
    lblOutput.Text += ex.ToString();
}
finally
{
    if (ctx != null)
        ctx.Undo();
}

At first I thought it was a user permission issue, so I tested it by trying my credentials on one of the computers that was having issues, and I encountered the same issues. To confirm it wasn't a user permission issue, I tried it on my workstation with the other person's credentials, and it worked perfectly.

I wrote a quick test program that would show me the impersonation level of the users; when working correctly it should be Delegation. When I ran it on my machine the output was:

Authentication Type: Negotiate
Token: 9999
Name: domain\username
Is Authenticated: True
Impersonation level: Delegation

When I ran it on the other workstation:

Authentication Type: Negotiate
Token: 9999
Name: domain\username
Is Authenticated: True
Impersonation level: Impersonation

Server: IIS 7.0 Browser: IE 8

I don't know what is causing the issue with only certain computers. If anyone knows of a specific setting that should be changed for delegation to work properly, I would be grateful. Below I have posted two other links that will help give more insight into my problem.

.GetDirectoryEntry throws COM exception, code:0x800720720 when attempting to bind to object

asp.net application userprincipal.findbyidentity works with browser on server, throws exception from my machine

c#
asp.net
iis-7
delegation
asked on Stack Overflow Jun 20, 2014 by Tory Hill • edited May 23, 2017 by Community
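
The two test outputs in the question differ only in the impersonation level. The following is an added example, not the asker's test program (which is not shown on the page): a guard that could run before the DirectoryEntry bind, so that a token which cannot be forwarded to another server fails with a readable message instead of the COM error. `DelegationCheck` and its member names are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// Added example; DelegationCheck and its members are hypothetical names.
public static class DelegationCheck
{
    // Formats the same fields as the test output quoted in the question.
    public static string Describe(WindowsIdentity id)
    {
        var sb = new StringBuilder();
        sb.AppendLine("Authentication Type: " + id.AuthenticationType);
        sb.AppendLine("Token: " + id.Token);
        sb.AppendLine("Name: " + id.Name);
        sb.AppendLine("Is Authenticated: " + id.IsAuthenticated);
        sb.AppendLine("Impersonation level: " + id.ImpersonationLevel);
        return sb.ToString();
    }

    // Throws unless the token may be forwarded to a remote server (second hop).
    public static void EnsureCanDelegate(WindowsIdentity id)
    {
        if (id == null) throw new ArgumentNullException("id");
        if (!id.IsAuthenticated)
            throw new InvalidOperationException("Request is anonymous; no user token to impersonate.");
        if (id.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new InvalidOperationException(
                "Token for " + id.Name + " has impersonation level " + id.ImpersonationLevel +
                "; it is usable on this server only and cannot be forwarded to the directory server.\n" +
                Describe(id));
    }

    public static void Main()
    {
        // Stand-alone run: a process token outside IIS normally reports None.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            Console.Write(Describe(id));
            try { EnsureCanDelegate(id); Console.WriteLine("Delegation available."); }
            catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
        }
    }
}
```

In the question's code the call would be `DelegationCheck.EnsureCanDelegate(winId);` placed before `winId.Impersonate()`.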

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0