When you run code that uses DirectorySearcher, DirectoryEntry or other classes that communicate with network resources from a web part in a SharePoint site, you receive: [COMException (0x80072020): An operations error occurred.]
This happens because when a user is authenticated against a SharePoint server using NTLM or Kerberos, a "secondary token" is sent to the server, which the server uses to authenticate the user. This token cannot be used to authenticate the current user against another server (e.g. a domain controller).
This can be circumvented by reverting the impersonation to the application pool account used by IIS (if this account has access to Active Directory) with the following code (this is equivalent to running with impersonation set to false in web.config):
using System.Web.Hosting;
...
...
// Code here runs as the logged on user
using (HostingEnvironment.Impersonate()) {
    // This code runs as the application pool user
    DirectorySearcher searcher ...
}
// Code here runs as logged on user again
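A narrowly scoped version of the pattern above, as an added example that is not code from the original post: only the directory query runs as the application pool account, and the account name is escaped per RFC 4515 because the filter now executes with that account's directory rights rather than the caller's. AdLookup, EscapeLdapFilterValue and FindCommonName are hypothetical names, and the example assumes the application pool account can read Active Directory.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
using System.Web.Hosting;

// Hypothetical helper; class and method names are assumptions, not from the post.
public static class AdLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so that
    // user-supplied text cannot change the filter run by the pool account.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the cn of the matching user, or null when no entry is found.
    public static string FindCommonName(string samAccountName)
    {
        if (samAccountName == null) throw new ArgumentNullException("samAccountName");
        string filter = "(&(objectClass=user)(sAMAccountName="
                        + EscapeLdapFilterValue(samAccountName) + "))";

        // Only the query below runs as the application pool account;
        // disposing the impersonation context restores the logged-on user.
        using (HostingEnvironment.Impersonate())
        using (var searcher = new DirectorySearcher(filter, new[] { "cn" }))
        {
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["cn"].Count == 0)
                return null;
            return (string)result.Properties["cn"][0];
        }
    }
}
```

Because every caller's query now runs with the same service identity, give the application pool account read-only access to only the directory attributes the page needs.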
34 comments:
Thanks very much for sharing :)
Finally a solution that works! Thank you.
L.E.G.E.N.D!
Thank God I see the post.
And thank you very, very much.
Excellent! You are the man...
Fail: in ASP.NET 1.1 I cannot use this function, and I can't change the value impersonate=false in web.config. What can I do?
HostingEnvironment does not exist in ASP.NET 1.1... any solutions?
Excellent!
Hi,
I want to get detailed information from Active Directory after the user logs in with Integrated Windows Authentication.
I don't want the user to input the password twice.
When I set impersonate to false, I cannot run well in debug mode (http://localhost/proj_name).
But when I set impersonate to true, I can run well in debug mode, but not at http://10.0.1.22/proj_name.
I init the entry instance as below:
DirectoryEntry entry = new DirectoryEntry("GC://test.test.biz", null, null, AuthenticationTypes.Secure);
Can you help me?
Thanks in advance!
I found a post on the internet that said that when you set username and password to null, ASP.NET will use Integrated Windows Authentication to get the access permission from Active Directory.
Is that true?
Thx a lot.
Solved all my problems as well :-)
Man, today you are my personal hero :) Was already thinking about jumping out of the window because of this problem ;)
Thanks for the info.
Solved an annoying issue for me.
Sven
Saved my day. Thanks for the information
Many thanks.
Thanks a lot...
Too good! After all sorts of configurations and unsuccessful attempts, this paid off 3 days of unworthiness.
thank you very much!
Hi,
I have used HostingEnvironment but it does not work for me in ASP.NET.
Below is the code...
using (HostingEnvironment.Impersonate())
{
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = RootDirectory;
    deSearch.PropertiesToLoad.Add("cn");
    deSearch.PropertiesToLoad.Add("SAMAccountName");
    deSearch.Filter = "(&(objectClass=user)(SAMAccountName=" + employeeName + "))";
    deSearch.SearchScope = SearchScope.Subtree;
    results = deSearch.FindOne();
}
Mode = Windows
Impersonation = True
Pls help me to resolve..
Nice one. We are developing an ASP.NET application and when deploying the same on the server, it was giving the same error. Now it has been solved. Thanks a lot.
Thank you very much.
It solved my problem. I have been debugging this error for a very, very long time.
This solved my problem.
This solved my issue. I read a lot of posts about how this could be related to the connection pool or calling refreshcache on the directoryentry objects. Thanks.
THANK YOU! This was exactly what I needed when coding an extra ASPX page for a website that does not have Kerberos enabled.
Great post. Solved my issue. Thank You!!!
When I use your code I get: Unable to cast object of type System.DirectoryServices.AccountManagement.GroupPrincipal to type System.DirectoryServices.AccountManagement.UserPrincipal surname. Any suggestions?
THANKS!!!!!! really helps me a lot!
Thanks a lot. It saved my time.
Thank you very much. This solved my problem. I was all set for hours of lost productivity but I found your post right away and it fixed it for me.
Six years later and your post is still saving people!
Issue still there for 2003 Server!
Thanks! 3 days of searching and trying everything.
You ROCK!
Well done!
thank you sir
Thank you very much for the post. The two lines
using (HostingEnvironment.Impersonate())
{}
made it possible to query Active Directory from my WCF service.
You are a Life Savior
Nuren Geodakov, programmer