Getting WindowsIdentity from SID or Username

  • Question

  • We have to check whether an entity is a domain user or a domain user group in a WCF service running under a specific account. In order to do that we are using the following code:

    Important note: the service call is impersonated so that the client identity is retrieved.

    using System.DirectoryServices.AccountManagement;

    // set up domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);

    // find if the entity is a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, entityname);

    // find if the entity is a user group
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, entityname);

    This code is working fine if the service and the client are running on the same machine.

    However, if a client tries to connect to the service from a remote machine, in FindByIdentity we get the following exception:

    SystemException -> While resolving :
    000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580

    Call stack:

    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
    at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
    at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
    at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)

    Now we want to know how this is happening. And, going one step further, can we get the WindowsIdentity of a user/entity from its name/SID? If we can get this, the resolution described above can be taken directly from the WindowsIdentity.

    Tuesday, June 11, 2019 9:39 AM

All replies

  • The error message is clear. The code you are running does not carry an LDAP login token. Please perform Bind (i.e. login) before performing the query.

    Unless the client has logged in with SSPI, the credential won't be passed on to the server side over a remote network. (client -> server -> LDAP server)


    Tuesday, June 11, 2019 9:59 AM
    Answerer
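
    The following is an added example, not code from either poster. It shows the checks a service author would want for the situation above: inspecting the impersonated token's level (a token that cannot be delegated is what makes the second hop to LDAP fail for remote clients), resolving a name or SID to a user or group with the service's own directory credentials instead of the caller's token, and building a WindowsIdentity from a UPN, which answers the follow-up question. The domain name, service account name and password are placeholders; the entity names are constructed sample values.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Added example (not from the thread). Assumes a domain-joined host and a
// service account permitted to read the directory. Domain, account name and
// password are placeholder assumptions, not values from the thread.
static class EntityResolver
{
    // Reports what kind of token the current thread holds. In the scenario in
    // the question, an impersonated call from a remote client usually yields an
    // Identification- or Impersonation-level token; only a Delegation-level
    // token can be forwarded to the LDAP server for the second hop, which is why
    // the bind fails remotely but works when client and service share a machine.
    public static string DescribeCurrentToken()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        return string.Format("{0} (level: {1}, authenticated: {2})",
            id.Name, id.ImpersonationLevel, id.IsAuthenticated);
    }

    // Resolves a SAM account name or a SID string to "user", "group" or
    // "unknown". The PrincipalContext binds with the service's own credentials,
    // so the lookup does not depend on the caller's impersonated token at all.
    public static string Classify(string domain, string svcUser, string svcPassword, string entity)
    {
        IdentityType idType = entity.StartsWith("S-1-", StringComparison.Ordinal)
            ? IdentityType.Sid
            : IdentityType.SamAccountName;

        using (var ctx = new PrincipalContext(ContextType.Domain, domain, svcUser, svcPassword))
        using (Principal p = Principal.FindByIdentity(ctx, idType, entity))
        {
            if (p is UserPrincipal) return "user";
            if (p is GroupPrincipal) return "group";
            return "unknown";
        }
    }

    // Translates a SID to DOMAIN\name through the local LSA lookup path rather
    // than an LDAP bind, so it works with whatever token the thread holds.
    public static string SidToAccountName(string sid)
    {
        var si = new SecurityIdentifier(sid);
        return ((NTAccount)si.Translate(typeof(NTAccount))).Value;
    }

    // Builds a WindowsIdentity from a user principal name using the
    // WindowsIdentity(string) constructor (Kerberos S4U logon). The resulting
    // token is identification-level: enough to enumerate the user's groups for
    // an authorization check, not enough to access resources as that user.
    public static bool IsMemberOf(string upn, string groupSid)
    {
        using (var wi = new WindowsIdentity(upn))
        {
            return wi.Groups.Contains(new SecurityIdentifier(groupSid));
        }
    }

    static void Main()
    {
        Console.WriteLine(EntityResolver.DescribeCurrentToken());
        // Placeholder values; replace with the real domain and a service account.
        Console.WriteLine(EntityResolver.Classify("example.local", "svc-lookup", "<password>", "jdoe"));
        Console.WriteLine(EntityResolver.SidToAccountName("S-1-5-32-544")); // BUILTIN\Administrators
        Console.WriteLine(EntityResolver.IsMemberOf("jdoe@example.local", "S-1-5-32-544"));
    }
}
```

    The explicit password in Classify is only there to make the bind independent of the caller's token; in a deployed service, keep that credential in a managed store (for example a group-managed service account or a secrets vault) rather than in configuration files, and grant the account read-only directory rights.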
  • Is there any way to convert a SID to a WindowsIdentity?
    Tuesday, June 11, 2019 10:45 AM
  • Hi chattos,

    Thank you for posting here.

    Based on your description, you want to solve the exception that you provided when a client tries to connect the service from a remote machine.

    I could not reproduce your problem and I could get the correct user and group.

    Code:

    using System;
    using System.DirectoryServices.AccountManagement;

    static void Main()
    {
        PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

        // find if the entity is a user
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "username");

        // find if the entity is a user group
        CreateGroup("testgroup", true); // I create a group on my computer

        GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "testgroup");
    }

    static GroupPrincipal CreateGroup(string groupName, Boolean isSecurityGroup)
    {
        GroupPrincipal retGroup = null;
        try
        {
            // the group is created in the local machine's account database
            PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
            GroupPrincipal insGroupPrincipal = new GroupPrincipal(ctx);
            insGroupPrincipal.Name = groupName;
            insGroupPrincipal.IsSecurityGroup = isSecurityGroup;
            insGroupPrincipal.GroupScope = GroupScope.Local;
            insGroupPrincipal.Save();
            retGroup = insGroupPrincipal;
        }
        catch (Exception ex)
        {
            // creation failed (e.g. insufficient rights or the group already exists); caller gets null
            Console.Error.WriteLine(ex.Message);
        }

        return retGroup;
    }

    Result: (I tested it on another computer)

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, June 12, 2019 2:12 AM
    Moderator
  • Hi

    Is your problem solved? If so, please post "Mark as answer" to the appropriate answer, so that it will help other members to find the solution quickly if they face a similar issue.

    Best Regards,

    Jack



    Tuesday, June 25, 2019 8:46 AM
    Moderator