Ok, so this was working in my VS test server (naturally), but as soon as I publish to IIS, it breaks. What I need for this to work is to be able to get ahold of the GUID (not the SID, please) of the user currenctly logged into the machine. Using DirectoryServices, this was my original implementation:
var guid = UserPrincipal.Current.Guid.ToString();
This is giving me an error that I cannot cast from GroupPrincipal to UserPrincipal. So it sounds like the application is trying to run as a some authenticated group or something. I realize, the normal approach would be something like HttpContext.Current.User.Identity, but I'm not sure what to do with that as it has no Guid property and when I try to convert it to a SID and run an LDAP query, it throws an exception. Can someone help me with the necessary steps to achieve this?
Thanks
UPDATE:
Okay here's my most current attempt:
protected string GetUserGuid()
{
var pc = new PrincipalContext(ContextType.Domain);
var windowsID = HttpContext.Current.User.Identity;
var up = UserPrincipal.FindByIdentity(pc, windowsID.Name);
return up.Guid.ToString();
}
And the exception I get:
[COMException (0x8007054b): The specified domain either does not exist
or could not be contacted. ]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry
entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item(String
propertyName) +163
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
+436 System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
+51 System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
+141 System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
+42 System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext
context, Type principalType, Nullable`1 identityType, String
identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext
context, String identityValue) +95 TicketsToMe.GetUserGuid() +123
TicketsToMe.Page_Load(Object sender, EventArgs e) +38
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object
o, Object t, EventArgs e) +25 System.Web.UI.Control.LoadRecursive()
+71 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+3048
Answer
If something runs locally but not on IIS it can be a permission thing. Have you checked trust level on your IIS? Local VS test server runs on Full trust but IIS (especially 7) website may be set to Medium or lower. This has caused me problems before with similar results i.e. something running locally but not on IIS.
Also it is worth checking permissions for app pool user.
No comments:
Post a Comment