Raul77
asked on
get Active Directory username? (.COMException: Access is denied.)
I am using the code below to get the username of the person accessing the site, it seem to work for me when i access it from my local machine (i guess since i am admin) but when other other users try to access it from their local machine they get this error: I assume they cant query the Active Directory?
Server Error in '/' Application.
__________________________ __________ ____
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ ices.COMEx ception: Access is denied.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[COMException (0x80070005): Access is denied.
]
System.DirectoryServices.P ropertyVal ueCollecti on.Populat eList() +346601
System.DirectoryServices.P ropertyVal ueCollecti on..ctor(D irectoryEn try entry, String propertyName) +49
System.DirectoryServices.P ropertyCol lection.ge t_Item(Str ing propertyName) +150
_Default.Page_Load(Object sender, EventArgs e) +183
System.Web.Util.CalliHelpe r.EventArg FunctionCa ller(IntPt r fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEvent HandlerDel egateProxy .Callback( Object sender, EventArgs e) +35
System.Web.UI.Control.OnLo ad(EventAr gs e) +99
System.Web.UI.Control.Load Recursive( ) +50
System.Web.UI.Page.Process RequestMai n(Boolean includeStagesBeforeAsyncPo int, Boolean includeStagesAfterAsyncPoi nt) +627
Server Error in '/' Application.
__________________________
Access is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[COMException (0x80070005): Access is denied.
]
System.DirectoryServices.P
System.DirectoryServices.P
System.DirectoryServices.P
_Default.Page_Load(Object sender, EventArgs e) +183
System.Web.Util.CalliHelpe
System.Web.Util.CalliEvent
System.Web.UI.Control.OnLo
System.Web.UI.Control.Load
System.Web.UI.Page.Process
String LDAPpath = "LDAP://192.168.0.2/";
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
string[] a = Context.User.Identity.Name.Split('\\');
System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
string Name = ADEntry.Properties["FullName"].Value.ToString();
Literal name = new Literal();
name.Text = "Hello " + Name + ",";
The error is self explanatory. The user does not have the permission to query the active directory.
If you just want the name you can use:
Request.LogonUserIdentity. Name.Split ('\\')[1]
Request.LogonUserIdentity.
Right sorry you needed the real name, my apologies wasn't paying attention!
There are two options really, you can either run your application in the context of a domain user rather than the aspnet local user on your webserver (this is not necessarily a good option as you have to consider the security implications of this), or you can use the DirectoryObject constructor with the optional username and password:
System.DirectoryServices.D irectoryEn try ADEntry = new System.DirectoryServices.D irectoryEn try("WinNT ://" + a[0] + "/" + a[1], DomainAndUserName, Password, AuthenticationTypes.Secure )
System.DirectoryServices.D
ASKER
TimCotte:
thanks for the reply, i tried the second option using this code
System.DirectoryServices.D irectoryEn try ADEntry = new System.DirectoryServices.D irectoryEn try("WinNT ://" + a[0] + "/" + a[1],"testuser@mydomain.lo cal","pass word",Auth entication Types.Secu re);
i get the following error
The network path was not found.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ ices.COMEx ception: The network path was not found.
if i go to original code it works.
appreciate the help.
thanks for the reply, i tried the second option using this code
System.DirectoryServices.D
i get the following error
The network path was not found.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ
if i go to original code it works.
appreciate the help.
You need to replace the a[0] with domain name and a[1] with user name
ASKER
mmmm but doesnt that always give the same user's full name?
what i want to achieve is when user X goes to this site from his machine display USer X Full name and if user Y go there, display user Y full name.
thanks,
what i want to achieve is when user X goes to this site from his machine display USer X Full name and if user Y go there, display user Y full name.
thanks,
No you replace the a[1] with the user's username to retrieve the user's fullname.
ASKER
codeCruiser: did you go over my code?
if i replace a1 , no matter who is using my app, they will get the user i specify there.
if i replace a1 , no matter who is using my app, they will get the user i specify there.
String LDAPpath = "LDAP://192.168.0.2/";
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
string[] a = Context.User.Identity.Name.Split('\\');
System.DirectoryServices.DirectoryEntry ADEntry = new System.DirectoryServices.DirectoryEntry("WinNT://" + a[0] + "/" + a[1]);
string Name = ADEntry.Properties["FullName"].Value.ToString();
Literal name = new Literal();
name.Text = "Hello " + Name + ",";
yeah that's right now. a[1] is the correct variable to use. Try this code as it works for me
System.DirectoryServices.D irectoryEn try ADEntry = new System.DirectoryServices.D irectoryEn try("WinNT ://" + My.User.Name.Replace("\", "/");
I realize the my namespace is not available in C# but you can replace it with corresponding code. But this code definitely works for me.
System.DirectoryServices.D
I realize the my namespace is not available in C# but you can replace it with corresponding code. But this code definitely works for me.
ASKER
CodeCruise, your code has the same issue as my original, keep in mind the original code i posted also works, but other users are not permitted to query the Active Directory.
how is the code you provided fix the permission issue? i think i need to provide a user/pass to be able to query the Active Directory.
how is the code you provided fix the permission issue? i think i need to provide a user/pass to be able to query the Active Directory.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) The code given by TimCottee above DOES use the username and password.
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?
2) The link you posted as the solution DOES NOT use the user name and password so how does it solve your permissions problem?
ASKER
i dont know how it solved it, but it did !!! i guess cuz it uses LDAP instead of WINNT !!! all users can access now with no problem.