• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1968
  • Last Modified:

get Active Directory username? (.COMException: Access is denied.)

I am using the code below to get the username of the person accessing the site, it seem to work for me when i access it from my local machine (i guess since i am admin) but when other other users try to access it from their local machine they get this error: I assume they cant query the Active Directory?

Server Error in '/' Application.
________________________________________
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Access is denied.


Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80070005): Access is denied.
]
   System.DirectoryServices.PropertyValueCollection.PopulateList() +346601
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +150
   _Default.Page_Load(Object sender, EventArgs e) +183
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627

String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

0
Raul77
Asked:
Raul77
  • 6
  • 5
  • 2
  • +1
1 Solution
 
CodeCruiserCommented:
The error is self explanatory. The user does not have the permission to query the active directory.
0
 
daveamourCommented:
If you just want the name you can use:
Request.LogonUserIdentity.Name.Split('\\')[1]
0
 
daveamourCommented:
Right sorry you needed the real name, my apologies wasn't paying attention!
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
TimCotteeHead of Software ServicesCommented:
There are two options really, you can either run your application in the context of a domain user rather than the aspnet local user on your webserver (this is not necessarily a good option as you have to consider the security implications of this), or you can use the DirectoryObject constructor with the optional username and password:

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1], DomainAndUserName, Password, AuthenticationTypes.Secure)
0
 
Raul77Author Commented:
TimCotte:
thanks for the reply, i tried the second option using this code

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1],"testuser@mydomain.local","password",AuthenticationTypes.Secure);

i get the following error

The network path was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The network path was not found.


if i go to original code it works.

appreciate the help.
0
 
CodeCruiserCommented:
You need to replace the a[0] with domain name and a[1] with user name
0
 
Raul77Author Commented:
mmmm but doesnt that always give the same user's full name?
what i want to achieve is when user X goes to this site from his machine display USer X Full name and if user Y go there, display user Y full name.

thanks,
0
 
CodeCruiserCommented:
No you replace the a[1] with the user's username to retrieve the user's fullname.
0
 
Raul77Author Commented:
codeCruiser: did you go over my code?
if i replace a1 , no matter who is using my app, they will get the user i specify there.


String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

0
 
CodeCruiserCommented:
yeah that's right now. a[1] is the correct variable to use. Try this code as it works for me

         System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + My.User.Name.Replace("\", "/");

I realize the my namespace is not available in C# but you can replace it with corresponding code. But this code definitely works for me.
0
 
Raul77Author Commented:
CodeCruise, your code has the same issue as my original, keep in mind the original code i posted also works, but other users are not permitted to query the Active Directory.

how is the code you provided fix the permission issue? i think i need to provide a user/pass to be able to query the Active Directory.
0
 
Raul77Author Commented:
0
 
CodeCruiserCommented:
1) The code given by TimCottee above DOES use the username and password.
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?
0
 
Raul77Author Commented:
i dont know how it solved it, but it did !!! i guess cuz it uses LDAP instead of WINNT !!! all users can access now with no problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now