Ok, I have Active Directory lookups working fine when a user enters their user/pass. Now I am trying to adapt that code to allow for single sign-on. What I have:
Code:

    // Identity of the account the current thread/process is running as
    WindowsIdentity userIdentity = WindowsIdentity.GetCurrent();
    using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "mydomain.com"))
    {
        // Look the user up in the domain by SamAccountName
        this.User = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, userIdentity.Name);
    }

The FindByIdentity fails with one of these errors depending on different context changes:
Unknown error (0x8000500c) Stack: at System.DirectoryServices.PropertyValueCollection.PopulateList()
Unknown error (0x80005000) Stack: at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
Things I have tried include adding the container name to the context lookup in the form of "cn=Users,dc=mydomain,dc=com" and "dc=mydomain,dc=com", as well as including or not including ContextOptions.Negotiate, either with the container set or the container passed as null.
Just not sure where to go next. I need all of the Group Names for the user, and I have tried just getting the group names with UserPrincipal.Current.GetGroups or whatever that one is, but it fails with the same PopulateList() error as above.
Am I missing something simple? If I provide the user/pass in the context creation it works fine, so I am not sure if I have to create an AD user in order to query AD, but that is not a great option, if at all.
I have read all the posts regarding this and cannot seem to get past it.
Error 0x8000500c means Active Directory Datatype Cannot be Converted to/from a Native DS Datatype.
This problem is caused because WindowsIdentity.Name is in the format DOMAIN\USERNAME which is not a valid SamAccountName.
Seems like you are trying to get the UserPrincipal for the current user, if so just use UserPrincipal.Current.
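The lookup discussed in this thread, as an added example that is not part of the original posts: it resolves the current Windows identity by SID, falls back to the name with the DOMAIN\ prefix removed, and returns the user's group names. The class and method names are hypothetical, and it assumes the process runs as a domain account allowed to read the directory; "mydomain.com" is the placeholder domain from the question.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class CurrentUserGroups   // hypothetical helper, not from the thread
{
    // WindowsIdentity.Name is "DOMAIN\user"; keep only the part after the backslash.
    public static string ToSamAccountName(string windowsName)
    {
        int slash = windowsName.LastIndexOf('\\');
        return slash >= 0 ? windowsName.Substring(slash + 1) : windowsName;
    }

    public static List<string> GetGroupNames(string domain)
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        {
            UserPrincipal user = null;
            // The SID identifies the account without any name parsing.
            // identity.User is null for an anonymous identity.
            if (identity.User != null)
                user = UserPrincipal.FindByIdentity(context, IdentityType.Sid, identity.User.Value);
            // Fallback: search by SamAccountName with the domain prefix removed.
            if (user == null)
                user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName,
                                                    ToSamAccountName(identity.Name));
            if (user == null)
                throw new InvalidOperationException("No directory entry for " + identity.Name);

            using (user)
            {
                var names = new List<string>();
                // GetGroups() returns the groups the user is a direct member of.
                foreach (Principal group in user.GetGroups())
                    using (group) names.Add(group.SamAccountName);
                return names;
            }
        }
    }

    static void Main()
    {
        foreach (string name in GetGroupNames("mydomain.com"))
            Console.WriteLine(name);
    }
}
```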