Login/Register
Getting UserPrincipal with Windows authentication and anonymous authentication on
Asked Answered
c#asp.net.netiis-7.5userprincipal
R

2

6

The following code only works while only Windows Authentication is enabled in IIS for local users on our network.

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
     UserPrincipal up = UserPrincipal.FindByIdentity(ctx, userName);
     return up;
}

Otherwise it throws this exception:

[ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.] System.DirectoryServices.ResultsEnumerator.MoveNext() +434305 System.DirectoryServices.SearchResultCollection.get_InnerList() +282 System.DirectoryServices.SearchResultCollection.get_Count() +9 System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory) +1898 System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate) +85 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +211 System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95 WebApplication1.Index.GetUserPrincipal(String userName) in C:\Users\xxx\Documents\Visual Studio 2010\Projects\WebApplication1\WebApplication1\Index.aspx.cs:38 WebApplication1.Index.Page_Load(Object sender, EventArgs e) in C:\Users\xxx\Documents\Visual Studio 2010\Projects\WebApplication1\WebApplication1\Index.aspx.cs:19 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25 System.Web.UI.Control.LoadRecursive() +71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064

Is there any way of getting this to work for getting our local users UserPrincipal while Windows and Anonymous authentication are both turned on?

Rhizo answered 13/3, 2013 at 9:27 Comment(0)
O
1

userName must be an empty string (or in some other way, entirely composed of whitespace), and apparently it's not validated by FindByIdentity.

Oleaginous answered 9/4, 2013 at 14:31 Comment(0)
S
0

Not sure how you got FindByIdentity to work as I thought one is required to specify the identity type as well? i.e:

UserPrincipal up = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);

Either way, impersonation might work if you force it. Thus before that code snippet use the following:

// This will impersonate the logged in user in order to get whichever username you require GIVEN the logged in user has AD read/querying rights.

System.Web.HttpContext.Current.Request.LogonUserIdentity.Impersonate();
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
    UserPrincipal up = UserPrincipal.FindByIdentity(ctx, userName);
    return up;
    }
Silsby answered 9/4, 2013 at 14:25 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.