get Active Directory username? (.COMException: Access is denied.)

I am using the code below to get the username of the person accessing the site, it seem to work for me when i access it from my local machine (i guess since i am admin) but when other other users try to access it from their local machine they get this error: I assume they cant query the Active Directory?

Server Error in '/' Application.
________________________________________
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Access is denied.


Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80070005): Access is denied.
]
   System.DirectoryServices.PropertyValueCollection.PopulateList() +346601
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +150
   _Default.Page_Load(Object sender, EventArgs e) +183
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627

String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

Raul77Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CodeCruiserCommented:
The error is self explanatory. The user does not have the permission to query the active directory.
daveamourCommented:
If you just want the name you can use:
Request.LogonUserIdentity.Name.Split('\\')[1]
daveamourCommented:
Right sorry you needed the real name, my apologies wasn't paying attention!
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

TimCotteeHead of Software ServicesCommented:
There are two options really, you can either run your application in the context of a domain user rather than the aspnet local user on your webserver (this is not necessarily a good option as you have to consider the security implications of this), or you can use the DirectoryObject constructor with the optional username and password:

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1], DomainAndUserName, Password, AuthenticationTypes.Secure)
Raul77Author Commented:
TimCotte:
thanks for the reply, i tried the second option using this code

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1],"testuser@mydomain.local","password",AuthenticationTypes.Secure);

i get the following error

The network path was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The network path was not found.


if i go to original code it works.

appreciate the help.
CodeCruiserCommented:
You need to replace the a[0] with domain name and a[1] with user name
Raul77Author Commented:
mmmm but doesnt that always give the same user's full name?
what i want to achieve is when user X goes to this site from his machine display USer X Full name and if user Y go there, display user Y full name.

thanks,
CodeCruiserCommented:
No you replace the a[1] with the user's username to retrieve the user's fullname.
Raul77Author Commented:
codeCruiser: did you go over my code?
if i replace a1 , no matter who is using my app, they will get the user i specify there.


String LDAPpath = "LDAP://192.168.0.2/";
        System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
        string[] a = Context.User.Identity.Name.Split('\\');
        System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
        string Name = ADEntry.Properties["FullName"].Value.ToString();
        Literal name = new Literal();
        name.Text = "Hello " + Name + ",";

Open in new window

CodeCruiserCommented:
yeah that's right now. a[1] is the correct variable to use. Try this code as it works for me

         System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + My.User.Name.Replace("\", "/");

I realize the my namespace is not available in C# but you can replace it with corresponding code. But this code definitely works for me.
Raul77Author Commented:
CodeCruise, your code has the same issue as my original, keep in mind the original code i posted also works, but other users are not permitted to query the Active Directory.

how is the code you provided fix the permission issue? i think i need to provide a user/pass to be able to query the Active Directory.
Raul77Author Commented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CodeCruiserCommented:
1) The code given by TimCottee above DOES use the username and password.
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?
Raul77Author Commented:
i dont know how it solved it, but it did !!! i guess cuz it uses LDAP instead of WINNT !!! all users can access now with no problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.