C# Active Directory FindByIdentity Fails


OK, I have Active Directory lookups working fine when a user enters their username and password. Now I am trying to adapt that code to allow for single sign-on. What I have:

  • IIS App Pool set to Network User
  • Anonymous Auth turned off in IIS
  • web config setup with and

Code:

using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Identity of the account the code is running as, then a lookup by sAMAccountName
WindowsIdentity userIdentity = WindowsIdentity.GetCurrent();
using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "mydomain.com"))
{
    this.User = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, userIdentity.Name);
}

The FindByIdentity fails with one of these errors depending on different context changes:

Unknown error (0x8000500c) Stack: at System.DirectoryServices.PropertyValueCollection.PopulateList()

Unknown error (0x80005000) Stack: at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()

Things I have tried include adding the container name to the context lookup in the form of "cn=Users,dc=mydomain,dc=com" and "dc=mydomain,dc=com", as well as including or not including ContextOptions.Negotiate, either with the container set or with the container passed as null.

Just not sure where to go next. I need all of the group names for the user, and I have tried just getting the group names with UserPrincipal.Current.GetGroups or whatever that one is, but it fails with the same PopulateList() error as above.

Am I missing something simple? If I provide the user/pass in the context creation it works fine, so I am not sure if I have to create an AD user in order to query AD, but that is not a great option, if at all.

I have read all the posts regarding this and cannot seem to get past it.

c#
iis
active-directory
asked on Stack Overflow Mar 2, 2017 by JeffR

1 Answer


Error 0x8000500c means "Active Directory datatype cannot be converted to/from a native DS datatype".

This problem is caused because WindowsIdentity.Name is in the format DOMAIN\USERNAME which is not a valid SamAccountName.

It seems like you are trying to get the UserPrincipal for the current user; if so, just use UserPrincipal.Current.

answered on Stack Overflow Mar 3, 2017 by Ashigore
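The following is an added example, not code from the question or the answer above. It shows the two ways out of the DOWN-LEVEL-name problem the answer describes: split DOMAIN\user into its parts so only the sAMAccountName is passed to FindByIdentity, or skip name parsing altogether and look the account up by SID (UserPrincipal.Current does the same thing internally for the thread's identity). It then collects group names with GetAuthorizationGroups, which includes nested membership, rather than GetGroups, which returns only direct membership. "mydomain.com" is the asker's placeholder and the domain, accounts and group contents are assumptions; the code has not been run against the asker's environment and needs a domain-joined machine to reach the lookup step.

```csharp
// Added example, not from the original post: resolve the caller's UserPrincipal
// and its group names without passing "DOMAIN\user" as a sAMAccountName.
// Domain name, identities and AD contents below are assumptions.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class AdLookup
{
    // WindowsIdentity.Name is the down-level logon name, DOMAIN\user.
    // Only the part after the backslash is a sAMAccountName.
    public static void SplitDownLevelName(string logonName, out string domain, out string samAccountName)
    {
        if (string.IsNullOrEmpty(logonName))
            throw new ArgumentException("empty logon name", nameof(logonName));
        int i = logonName.IndexOf('\\');
        if (i < 0) { domain = null; samAccountName = logonName; return; }   // no domain prefix
        domain = logonName.Substring(0, i);
        samAccountName = logonName.Substring(i + 1);
    }

    // Lookup by SID: nothing to parse, and a SID cannot be confused with a
    // different account that happens to share a name in another domain.
    public static UserPrincipal FindBySid(PrincipalContext ctx, WindowsIdentity identity)
    {
        if (identity.User == null)
            throw new InvalidOperationException("identity carries no SID");
        return UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, identity.User.Value);
    }

    // Group sAMAccountNames including nested membership. Authorization decisions
    // should use this rather than GetGroups(), which lists direct membership only.
    public static List<string> GroupNames(UserPrincipal user)
    {
        var names = new List<string>();
        foreach (Principal p in user.GetAuthorizationGroups())
            names.Add(p.SamAccountName ?? p.Name);
        return names;
    }

    public static void Main()
    {
        // Inside ASP.NET the identity to resolve is the authenticated request's
        // identity (HttpContext.Current.User.Identity as WindowsIdentity), not
        // WindowsIdentity.GetCurrent(), which is the worker-process account unless
        // impersonation is on. From a console both are the logged-on user.
        WindowsIdentity caller = WindowsIdentity.GetCurrent();

        string domain, sam;
        SplitDownLevelName(caller.Name, out domain, out sam);   // e.g. "MYDOMAIN", "jsmith" (assumed)
        Console.WriteLine("domain={0} sAMAccountName={1}", domain, sam);

        // "mydomain.com" is the asker's placeholder; substitute the real domain.
        using (var ctx = new PrincipalContext(ContextType.Domain, "mydomain.com"))
        {
            UserPrincipal user = FindBySid(ctx, caller);          // or simply UserPrincipal.Current
            // Equivalent name-based lookup, using only the sAMAccountName part:
            // UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam);
            if (user == null) { Console.WriteLine("account not found"); return; }
            foreach (string g in GroupNames(user))
                Console.WriteLine(g);
        }
    }
}
```

The SID route is the one to prefer in a single-sign-on handler: the authenticated WindowsIdentity already carries the SID, so there is no string to parse and no chance of resolving a same-named account from a trusted domain. Whatever identity is passed in, the lookup itself still runs under the app pool account, which therefore needs read access to the directory (a plain domain account or Network Service on a domain-joined server normally has it).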

User contributions licensed under CC BY-SA 3.0