Solved

get Active Directory username? (.COMException: Access is denied.)

Posted on 2009-04-20
Last Modified: 2012-08-14
I am using the code below to get the username of the person accessing the site. It seems to work for me when I access it from my local machine (I guess since I am admin), but when other users try to access it from their local machines they get this error. I assume they can't query the Active Directory?

Server Error in '/' Application.
________________________________________
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Access is denied.


Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80070005): Access is denied.]
   System.DirectoryServices.PropertyValueCollection.PopulateList() +346601
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +150
   _Default.Page_Load(Object sender, EventArgs e) +183
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627

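// Unused in this snippet: an LDAP path and the identity of the worker process.
String LDAPpath = "LDAP://192.168.0.2/";
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
// Split "DOMAIN\user" taken from the authenticated request identity.
string[] a = Context.User.Identity.Name.Split('\\');
// Bind to the user object through the WinNT provider.
System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
// Reading the property is where the COMException (Access is denied) is thrown.
string Name = ADEntry.Properties["FullName"].Value.ToString();
Literal name = new Literal();
name.Text = "Hello " + Name + ",";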

Question by:Raul77
14 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 24192531
The error is self-explanatory. The user does not have the permission to query the Active Directory.
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24192534
If you just want the name you can use:
Request.LogonUserIdentity.Name.Split('\\')[1]
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24192541
Right sorry you needed the real name, my apologies wasn't paying attention!
0

 
LVL 43

Expert Comment

by:TimCottee
ID: 24192583
There are two options really, you can either run your application in the context of a domain user rather than the aspnet local user on your webserver (this is not necessarily a good option as you have to consider the security implications of this), or you can use the DirectoryObject constructor with the optional username and password:

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1], DomainAndUserName, Password, AuthenticationTypes.Secure);
0
 

Author Comment

by:Raul77
ID: 24196145
TimCottee:
Thanks for the reply. I tried the second option using this code:

System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1],"testuser@mydomain.local","password",AuthenticationTypes.Secure);

I get the following error:

The network path was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The network path was not found.


If I go to the original code it works.

Appreciate the help.
0
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 24196166
You need to replace the a[0] with domain name and a[1] with user name
0
 

Author Comment

by:Raul77
ID: 24196208
Mmmm, but doesn't that always give the same user's full name?
What I want to achieve is: when user X goes to this site from his machine, display user X's full name, and if user Y goes there, display user Y's full name.

thanks,
0
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 24196226
No you replace the a[1] with the user's username to retrieve the user's fullname.
0
 

Author Comment

by:Raul77
ID: 24196248
CodeCruiser: did you go over my code?
If I replace a1, no matter who is using my app, they will get the user I specify there.


String LDAPpath = "LDAP://192.168.0.2/";
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
string[] a = Context.User.Identity.Name.Split('\\');
System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
string Name = ADEntry.Properties["FullName"].Value.ToString();
Literal name = new Literal();
name.Text = "Hello " + Name + ",";


0
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 24196290
yeah that's right now. a[1] is the correct variable to use. Try this code as it works for me

// My.User.Name comes from the VB My namespace (see the note below).
System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + My.User.Name.Replace("\\", "/"));

I realize the My namespace is not available in C#, but you can replace it with the corresponding code. But this code definitely works for me.
0
 

Author Comment

by:Raul77
ID: 24196370
CodeCruiser, your code has the same issue as my original. Keep in mind the original code I posted also works, but other users are not permitted to query the Active Directory.

How does the code you provided fix the permission issue? I think I need to provide a user/pass to be able to query the Active Directory.
0
 

Accepted Solution

by:
Raul77 earned 0 total points
ID: 24196970
0
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 24199808
1) The code given by TimCottee above DOES use the username and password.
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?
0
 

Author Comment

by:Raul77
ID: 24199824
I don't know how it solved it, but it did!!! I guess cuz it uses LDAP instead of WINNT!!! All users can access now with no problem.
0
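
Added example, not code from any poster in this thread or from the accepted-solution link (whose content is not on this page): a C# lookup that uses the LDAP provider mentioned in the last comment together with the explicit bind credentials from TimCottee's second option, and escapes the logon name before it goes into the search filter. The names DirectoryLookup, EscapeFilterValue and GetDisplayName are hypothetical; ldapPath and the bind account are placeholders the caller supplies (for instance from protected configuration), and displayName is assumed to hold the full name.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class DirectoryLookup   // hypothetical helper, not from the thread
{
    // Escape a value for an LDAP search filter (RFC 4515) so a crafted
    // logon name cannot change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // identityName is Context.User.Identity.Name ("DOMAIN\user").
    // ldapPath, bindUser and bindPassword are placeholders: a read-only
    // service account, so the query does not depend on the worker identity.
    public static string GetDisplayName(string identityName, string ldapPath,
                                        string bindUser, string bindPassword)
    {
        int slash = identityName.IndexOf('\\');
        string account = slash >= 0 ? identityName.Substring(slash + 1) : identityName;

        using (var root = new DirectoryEntry(ldapPath, bindUser, bindPassword,
                                             AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(account) + "))";
            searcher.PropertiesToLoad.Add("displayName");
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["displayName"].Count == 0)
                return account;   // no match or no display name: fall back to the logon name
            return (string)result.Properties["displayName"][0];
        }
    }
}
```

HTML-encode the returned value (HttpUtility.HtmlEncode) before assigning it to the Literal, since the directory attribute is rendered into the page as-is.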


Question has a verified solution.
