asked on

get Active Directory username? (.COMException: Access is denied.)

I am using the code below to get the username of the person accessing the site, it seem to work for me when i access it from my local machine (i guess since i am admin) but when other other users try to access it from their local machine they get this error: I assume they cant query the Active Directory?

Server Error in '/' Application.
________________________________________
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Access is denied.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80070005): Access is denied.
]
System.DirectoryServices.PropertyValueCollection.PopulateList() +346601
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +150
_Default.Page_Load(Object sender, EventArgs e) +183
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627

String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

Nasir Razzaq

The error is self explanatory. The user does not have the permission to query the active directory.

daveamour

If you just want the name you can use:
Request.LogonUserIdentity.Name.Split('\\')[1]

daveamour

Right sorry you needed the real name, my apologies wasn't paying attention!

TimCottee

There are two options really, you can either run your application in the context of a domain user rather than the aspnet local user on your webserver (this is not necessarily a good option as you have to consider the security implications of this), or you can use the DirectoryObject constructor with the optional username and password:

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1], DomainAndUserName, Password, AuthenticationTypes.Secure)

Raul77

ASKER

TimCotte:
thanks for the reply, i tried the second option using this code

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1],"testuser@mydomain.local","password",AuthenticationTypes.Secure);

i get the following error

The network path was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The network path was not found.

if i go to original code it works.

appreciate the help.

Nasir Razzaq

You need to replace the a[0] with domain name and a[1] with user name

Raul77

ASKER

mmmm but doesnt that always give the same user's full name?
what i want to achieve is when user X goes to this site from his machine display USer X Full name and if user Y go there, display user Y full name.

thanks,

Nasir Razzaq

No you replace the a[1] with the user's username to retrieve the user's fullname.

Raul77

ASKER

codeCruiser: did you go over my code?
if i replace a1 , no matter who is using my app, they will get the user i specify there.

String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

Nasir Razzaq

yeah that's right now. a[1] is the correct variable to use. Try this code as it works for me

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + My.User.Name.Replace("\", "/");

I realize the my namespace is not available in C# but you can replace it with corresponding code. But this code definitely works for me.

Raul77

ASKER

CodeCruise, your code has the same issue as my original, keep in mind the original code i posted also works, but other users are not permitted to query the Active Directory.

how is the code you provided fix the permission issue? i think i need to provide a user/pass to be able to query the Active Directory.

ASKER CERTIFIED SOLUTION

Raul77

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Nasir Razzaq

1) The code given by TimCottee above DOES use the username and password.
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?

Raul77

ASKER

i dont know how it solved it, but it did !!! i guess cuz it uses LDAP instead of WINNT !!! all users can access now with no problem.