locked
Could not get ActiveDirectory full name to display in text box RRS feed

  • Question

  • User325473304 posted

    Hi everyone, I'd like to ask for your help. I have this code in VB.Net below to get the logged on user's full name:

     

    Public Shared Function GetWindowsFullName() As String
    
                Dim strFullName As String = Nothing
    
                Dim Success As Boolean = False
    
                If IsNothing(strFullName) Then strFullName = System.Web.HttpContext.Current.User.Identity.Name
    
                strFullName = strFullName.Substring(strFullName.IndexOf("\") + 1)
    
                Dim Searcher As New System.DirectoryServices.DirectorySearcher("sAMAccountName=" & strFullName)
    
                Try
                    Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
                    Success = Not (Results Is Nothing)
                    strFullName = Results.GetDirectoryEntry().Properties("displayName").Value
                    Return strFullName
                Catch
                    Success = False
                    Return strFullName
                End Try
    
    End Function


     

    When I run my page in VS, it's okay it shows up. But when in Production, it displays my Windows login name.

    Can you guys take a look and see which part of the code is wrong, or lacking something? Thank you very much!

    Wednesday, September 18, 2013 10:01 PM

Answers

  • User1508394307 posted

    Two things to check

    1) If User.Identity.Name returns null, or something else which is not your current id, then you will not get proper value in strFullName and Searcher will not find the account in AD. Debug the code (e.g. put Response.Write(System.Web.HttpContext.Current.User.Identity.Name) and compare values on localhost and server.

    If User.Identity.Name is null, check if you properly configured Windows authentication on your server. For example, you need to disable non-authenticated users. In web.config:

    <authorization>
    <deny users="?" />
    </authorization>

    2) It might be also that AD requires domain account to perform search. In this case you might need to configure pool in IIS to run under different account, change AD settings (talk to your sysadmin) or specify some account in the code or web.config. For example

    Dim Domain1 As DirectoryEntry = New DirectoryEntry("LDAP://test.com/DC=dept1,DC=com", "domainadmin", "12345", AuthenticationTypes.ReadonlyServer)
    Dim Searcher1 As DirectorySearcher = New DirectorySearcher("(&(objectCategory=Person)(objectClass=user)")
    Searcher1.SearchRoot = Domain1

    Hope this helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 19, 2013 6:23 AM
  • User1508394307 posted

    Before going for too many solutions, you need to ensure that Current.User.Identity is not null and corresponds to the required account.

    The HostingEnvironment.Impersonate method impersonates the user represented by the application identity. So, if this is null, then it will not help ;-) 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 19, 2013 7:43 AM

All replies

  • User197322208 posted

    1. Remove the catch. Maybe there is an error

    2.

    But when in Production, it displays my Windows login name.

    And what should display?

    Thursday, September 19, 2013 1:53 AM
  • User325473304 posted

    1. Remove the catch. Maybe there is an error

    2.

    anna ambrosia

    But when in Production, it displays my Windows login name.


    And what should display?

     

    Hi ignataandrei, thanks for the reply!

     

    I removed the Catch part, here's what happened:

     

    An operations error occurred.               Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
    Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
    Source Error:

    Line 30: 
    Line 31:             'Try
    Line 32: Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne Line 33:             Success = Not (Results Is Nothing)
    Line 34:             strFullName = Results.GetDirectoryEntry().Properties("Name").Value
                      

     

    What I need for the website is to display my full name (Ambrosia, Anna) but it displays my Windows logon instead..

    Thursday, September 19, 2013 2:29 AM
  • User1508394307 posted

    Two things to check

    1) If User.Identity.Name returns null, or something else which is not your current id, then you will not get proper value in strFullName and Searcher will not find the account in AD. Debug the code (e.g. put Response.Write(System.Web.HttpContext.Current.User.Identity.Name) and compare values on localhost and server.

    If User.Identity.Name is null, check if you properly configured Windows authentication on your server. For example, you need to disable non-authenticated users. In web.config:

    <authorization>
    <deny users="?" />
    </authorization>

    2) It might be also that AD requires domain account to perform search. In this case you might need to configure pool in IIS to run under different account, change AD settings (talk to your sysadmin) or specify some account in the code or web.config. For example

    Dim Domain1 As DirectoryEntry = New DirectoryEntry("LDAP://test.com/DC=dept1,DC=com", "domainadmin", "12345", AuthenticationTypes.ReadonlyServer)
    Dim Searcher1 As DirectorySearcher = New DirectorySearcher("(&(objectCategory=Person)(objectClass=user)")
    Searcher1.SearchRoot = Domain1

    Hope this helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 19, 2013 6:23 AM
  • User325473304 posted

    Two things to check
    1) If User.Identity.Name returns null, or something else which is not your current id, then you will not get proper value in strFullName and Searcher will not find the account in AD. Debug the code (e.g. put Response.Write(System.Web.HttpContext.Current.User.Identity.Name)
     and compare values on localhost and server.
    If User.Identity.Name is null, check if you properly configured Windows authentication on your server. For example, you need to disable non-authenticated users. In web.config:
    <authorization>
    
    <deny users="?" />
    
    </authorization>
    2) It might be also that AD requires domain account to perform search. In this case you might need to configure pool in IIS to run under different account, change AD settings (talk to your sysadmin) or specify some account in the code or web.config. For
     example
    Dim Domain1 As DirectoryEntry = New DirectoryEntry("LDAP://test.com/DC=dept1,DC=com", "domainadmin", "12345", AuthenticationTypes.ReadonlyServer)
    Dim Searcher1 As DirectorySearcher = New DirectorySearcher("(&(objectCategory=Person)(objectClass=user)")
    Searcher1.SearchRoot = Domain1

    Hope this helps.

     

    Hi smirnov,

    Thanks, I'll try that to my code!

    One more question, I found this while searching for other approach to make my code work. I found this:

    Using Hosting.HostingEnvironment.Impersonate()

     

    I'm not really sure what HostingEnvironment.Impersonate does, can someone explain further?

    Thanks!!

    Thursday, September 19, 2013 6:46 AM
  • User753101303 posted

    Hi,

    If previous answers doesn't help, give a look at the inner exceptions (or the base exception) to see the root cause. Perhaps some permission issue as the thread identity is not the same than when you are testing.

    Unrelated to your issue but you also have "new" classes such as http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal.findbyidentity.aspx that are quite convenient when you don't need the general purpose classes...

    Thursday, September 19, 2013 6:55 AM
  • User1508394307 posted

    Before going for too many solutions, you need to ensure that Current.User.Identity is not null and corresponds to the required account.

    The HostingEnvironment.Impersonate method impersonates the user represented by the application identity. So, if this is null, then it will not help ;-) 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 19, 2013 7:43 AM
  • User325473304 posted

    Before going for too many solutions, you need to ensure that Current.User.Identity is not null and corresponds to the required account.

    The HostingEnvironment.Impersonate method impersonates the user represented by the application identity. So, if this is null, then it will not help ;-) 

     

    Thanks smirnov, Current.User.Identity is not null, I've checked. I tried HostingEnvironment.Impersonate and the error was gone. Here's what my code looks like:

    Using Hosting.HostingEnvironment.Impersonate()
    
                    Dim strFullName As String
    
                    strFullName = Nothing
    
                    Dim Success As Boolean = False
    
                    If IsNothing(strFullName) Then strFullName = System.Web.HttpContext.Current.User.Identity.Name
    
                    strFullName = strFullName.Substring(strFullName.IndexOf("\") + 1)
                    Dim Searcher As New System.DirectoryServices.DirectorySearcher("sAMAccountName=" & strFullName)
    
                    Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
                    Success = Not (Results Is Nothing)
                    strFullName = Results.GetDirectoryEntry().Properties("displayName").Value
                    Return strFullName
                    
    End Using


    Does any one here have comments on the code above? Thanks!

    Friday, September 20, 2013 3:53 AM
  • User753101303 posted

    If you looked just at the upper exception I would still suggest to get at the inner exceptions to see what is the real cause. More likely the real error is wrapped inside a COM exception. Once the real cause is known rather than same vague COM Exception it should be easier to fix.

    Friday, September 20, 2013 4:18 AM
  • User-1426144113 posted

    Hi,

    I think it is due to the OS of your product server.

    For this http://msdn.microsoft.com/en-us/library/19kx3yy8.aspx, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

    Thanks

    Saturday, September 21, 2013 1:03 AM