Get data from AD in event receiver (need impersonation?)

  • Question

  • Hi! Sorry for my poor English.

    I have NTLM authorisation and I get some data from Active Directory. The code below works in a console application, but fails in an event receiver:

      using System;
      using System.DirectoryServices;

      public static DirectoryEntry GetDirectoryEntry()
      {
          DirectoryEntry de = new DirectoryEntry();
          de.Path = "LDAP://DC=some_name,DC=some_name";
          de.AuthenticationType = AuthenticationTypes.Secure;

          return de;
      }

      private static void FillDepartmentInformations()
      {
          DirectoryEntry entry = GetDirectoryEntry();
          DirectorySearcher adSearch = null;
          SearchResult result = null;

          try
          {
              adSearch = new DirectorySearcher(entry);

              // Set search options
              adSearch.Filter = "(SAMAccountName=" + "some_name" + ")";
              adSearch.PropertiesToLoad.Add("displayName");

              // HERE FAILS when in event receiver
              // with: System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred
              result = adSearch.FindOne();
          }
          catch (Exception ex)
          {
          }
      }
    


    Error code:

    System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred

    I think the DC doesn't understand who is asking for data, and I should turn on Kerberos authentication to make this code work.
    But it is undesirable to use Kerberos in our network. I tried to use impersonation, but still get the same error:

      System.Security.Principal.WindowsImpersonationContext wic = null;
      wic = System.Security.Principal.WindowsIdentity.GetCurrent().Impersonate();
      result = adSearch.FindOne();

      wic.Undo();
    

    I also tried to change the AuthenticationType parameter to "Delegation":

      de.AuthenticationType = AuthenticationTypes.Delegation;

    and still get the error.

    How can I get data from Active Directory in an event receiver without Kerberos authentication?

    • Edited by Mike Walsh FIN Wednesday, April 21, 2010 3:46 PM Do NOT try tricks like adding totally unnecessary ".)" to your posts to attract attention to them. Deleted from the Title this time. Please don't repeat
    Wednesday, April 21, 2010 3:19 PM

Answers

  • Thanks for your reply!

    Resolved this task by explicitly setting the login and password in the DirectoryEntry constructor:

      DirectoryEntry dirEntry = new DirectoryEntry(path, login, password);
      DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);

    • Marked as answer by Rockie_ Thursday, April 22, 2010 7:55 AM
    Thursday, April 22, 2010 7:54 AM
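
An added example, not part of the original thread: the accepted approach of binding with explicit credentials, written so that the login and password of a dedicated service account are passed in rather than hard-coded, and the account name is escaped (RFC 4515) before it is placed in the LDAP filter. The class and method names are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdLookup // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so characters such as '*' or ')' cannot change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Bind as a read-only service account. The caller is assumed to load
    // path, login and password from a protected store, not from source code.
    public static string GetDisplayName(string path, string login,
                                        string password, string samAccountName)
    {
        // Secure requests a negotiated (Kerberos or NTLM) bind instead of
        // a simple bind that would send the password in clear text.
        using (var entry = new DirectoryEntry(path, login, password,
                                              AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(entry))
        {
            searcher.Filter = "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")";
            searcher.PropertiesToLoad.Add("displayName");

            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["displayName"].Count == 0)
                return null; // no such account, or attribute not set
            return (string)result.Properties["displayName"][0];
        }
    }
}
```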
