Friday, November 8, 2019

c# - UserPrincipal.FindByIdentity Permissions



I'm attempting to use the .NET System.DirectoryServices.AccountManagement library to obtain the UserPrincipal for a particular Active Directory user.



I've got the following code:




PrincipalContext context = new PrincipalContext(ContextType.Domain, "DomainName");
userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username);


This code is running as a valid domain user, but when I execute it I get the following exception:




System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.





What's interesting is that I can make the following call, using the same context, without a problem:



context.ValidateCredentials(username, password, ContextOptions.Negotiate)


Ideas?


Answer



You need to use the the PrincipalContext constructor that takes username and password.



The reason that Validate works is because its using the provided credentials to bind to the directory.



No comments:

Post a Comment

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...