c# - Delegation not working on some computers -
i have asp.net application uses delegation perform actions on active directory authenticating user. application works on computers , doesn't work @ on other computers, on these other computers receive comexception error code 0x80072020 stack trace is:
system.runtime.interopservices.comexception (0x80072020): operations error occurred. @ system.directoryservices.directoryentry.bind(boolean throwiffail) @ system.directoryservices.directoryentry.bind() @ system.directoryservices.directoryentry.get_adsobject() @ system.directoryservices.directorysearcher.findall(boolean findmorethanone) @ system.directoryservices.directorysearcher.fineone() @ resetunlockaccount.resetunlockaccount.executeimpersonation(string username) the code throwing error is:
windowsidentity winid = (windowsidentity)httpcontext.current.user.identity; windowsimpersonationcontext ctx = null; seek { ctx=winid.impersonate(); using (directoryentry directoryobject = new directoryentry(root)) { using (directorysearcher search = new directorysearcher(directoryobject)) { search.filter = "(&(objectclass=user)(samaccountname=username))"; search.searchscope = searchscope.subtree; /////////////////////////////////////////////////////////////////// line causing issue. ---------->searchresult result = search.findone(); using (directoryentry user = result.getdirectoryentry()) { user.invoke("setpassword", new object[] { password }); user.properties["pwdlastset"][0] = 0; user.commitchanges(); lbloutput.text = "it worked"; } } } } grab (exception ex) { lbloutput.text += ex.tostring(); } { if (ctx != null) ctx.undo(); } at first thought user permission issue, tested trying credentials on 1 of computers having issues, encountered same issues. confirm wasn't user permission issues tried on workstation other persons credentials , worked perfectly.
i wrote quick test programme show me impersonation level of users, when working correctly should delegation. when ran on machine output was:
authentication type: negotiate token: 9999 name: domain\username authenticated: true impersonation level: delegation when ran on other workstation:
authentication type: negotiate token: 9999 name: domain\username authenticated: true impersonation level: impersonation server: iis 7.0 browser: ie 8
i don't know causing issue computers, if knows of specific setting should changed delegation work grateful. below have posted 2 other links help give more insight problem.
.getdirectoryentry throws com exception, code:0x800720720 when attempting bind object
asp.net application userprincipal.findbyidentity works browser on server, throws exception machine
c# asp.net iis-7 delegation
No comments:
Post a Comment