We have to check if an entity is a domain user or Domain user group in a WCF service running in a specific account. In order to do that we are using the following code:

Important note: the service call is impersonated so that the client identity is retrieved.
C#
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);

// find if the entity is a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, entityname);

// find if the entity is a user group
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, entityname);

This code is working fine if the service and client are running on the same machine.

However, if a client tries to connect to the service from a remote machine, we are getting the following exception in FindByIdentity:

SystemException -> While resolving : 
000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580

call stack :
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)

Now we want to know how this is happening. Going one step further, can we get the WindowsIdentity of a user/entity from its name/SID? If we can get this, the resolving technique specified can be taken directly from WindowsIdentity.

Updated 11-Jun-19 1:42am

1 solution

You probably need to authenticate, see answers here: Solved: Does LDAP require a login account?
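
One way to make the directory bind authenticate, as an added example that is not part of the original question or answer: run the lookup under the service's own account by reverting the impersonation for the duration of the query, or bind with explicit credentials. It assumes .NET Framework and a service or lookup account that may read the domain directory; `DirectoryLookup`, `EntityKind` and the method and parameter names are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public enum EntityKind { NotFound, User, Group, Other }

public static class DirectoryLookup   // hypothetical helper, not from the original post
{
    // Runs the lookup as the service's own account instead of the impersonated caller.
    // Assumption: the service account is allowed to read the domain directory.
    public static EntityKind ClassifyAsService(string domain, string entityName)
    {
        // Impersonate(IntPtr.Zero) reverts the thread to the process identity;
        // disposing the context restores the caller's impersonation.
        using (WindowsImpersonationContext reverted = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        {
            return Classify(ctx, entityName);
        }
    }

    // Alternative: bind with the explicit credentials of a low-privilege, read-only account.
    // Assumption: userName/password come from protected configuration, never from source code.
    public static EntityKind ClassifyWithCredentials(string domain, string entityName,
                                                     string userName, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain, userName, password))
        {
            return Classify(ctx, entityName);
        }
    }

    private static EntityKind Classify(PrincipalContext ctx, string entityName)
    {
        // One query covers both cases; entityName may be a SAM account name, UPN, DN or SID string.
        using (Principal p = Principal.FindByIdentity(ctx, entityName))
        {
            if (p == null) return EntityKind.NotFound;
            if (p is UserPrincipal) return EntityKind.User;
            if (p is GroupPrincipal) return EntityKind.Group;
            return EntityKind.Other;   // e.g. a computer account
        }
    }
}
```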
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


