Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'
Using the code below, I am trying to retrieve the user's full name. This works fine in development, but when I run the site externally I get the error
Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'. Any ideas? Thanks!
Imports System.Security
Imports System.Security.Principal.WindowsIdentity
Imports Microsoft.Win32
Imports System.DirectoryServices.AccountManagement
Imports System.DirectoryServices.AccountManagement.UserPrincipal
Imports System.Web.Hosting
Partial Class _Default
Inherits System.Web.UI.Page
Dim UserAccount As String
Dim test As String
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
test = Right(Request.ServerVariables("REMOTE_USER"), 5)
Dim userFullName As String = UserPrincipal.Current.DisplayName
EmployeeTextBox.Text = userFullName
ReportingPeriodTextBox.Text = Now.Year
End Sub
End Class
The code will need to run under credentials that allow at least read access to the LDAP. In your connection information in your web.config there should be options to enter a user name and password. I don't use AccountManagement, but it would appear you could add a user name and password to authenticate to AD on this line. I could not find any examples.
new PrincipalContext(ContextType.Domain, "MyDomain", "DC=MyDomain,DC=com", username, pass);
Or you could set up to use impersonation in your web.config as well.
Essentially, you could use an App Pool configured identity which has read access to your LDAP. That way, instead of the anonymous or network service account presenting itself, it will present with a domain user that has rights to read the AD. Also, make sure to enable Identity Impersonate in your web config.
For me, I prefer to use a service account just for running LDAP connections and add its username and password in the DirectoryEntry. I keep the username and password in the web.config and refer to it in the code to be able to easily update it as needed.
Dim LDAPsvcAccStr as string = ConfigurationSettings.AppSettings("LDAPsvcAcc")
Dim LDAPsvcPassStr as string = ConfigurationSettings.AppSettings("LDAPsvcPassStr")
And when creating the DirectoryEntry you just provide the username and password
Dim DirEntry as New DirectoryEntry(LDAPstr, LDAPsvcAccStr, LDAPsvcPassStr)
Thanks so much for your help. The code below is now working in development and I don't get any errors on the web. But the field will not populate. If I add those settings in the web.config will it work then?
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
test = Right(Request.ServerVariables("REMOTE_USER"), 5)
'Dim userFullName As String = UserPrincipal.Current.DisplayName
'EmployeeTextBox.Text = userFullName
ReportingPeriodTextBox.Text = Now.Year
Try
'This is a LDAP path to a specific domain controller for LDAP
Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://DC1/OU=MyUsers,DC=Steve,DC=Schofield,DC=com")
'This is a generic LDAP call, it would do a DNS lookup to find a DC in your AD site, scales better
Dim mySearcher As DirectorySearcher = New DirectorySearcher(enTry)
' mySearcher.Filter = "(&(objectClass=user)(anr=smith))"
mySearcher.Filter = "(&(objectClass=user)(SAMAccountName=" & test & "))"
Dim resEnt As SearchResult
Try
For Each resEnt In mySearcher.FindAll()
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("cn").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("distinguishedName").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("name").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("givenName").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("displayName").Value)
EmployeeTextBox.Text = resEnt.GetDirectoryEntry.Properties.Item("displayName").Value
Next
Catch f As Exception
Console.WriteLine(f.Message)
End Try
Catch f As Exception
Console.WriteLine(f.Message)
End Try
End Sub
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
test = Right(Request.ServerVariables("REMOTE_USER"), 5)
Dim LDAPsvcAccStr As String = System.Configuration.ConfigurationManager.AppSettings("LDAPsvcAcc")
Dim LDAPsvcPassStr As String = System.Configuration.ConfigurationManager.AppSettings("LDAPsvcPassStr")
'Dim userFullName As String = UserPrincipal.Current.DisplayName
'EmployeeTextBox.Text = userFullName
ReportingPeriodTextBox.Text = Now.Year
Try
'This is a LDAP path to a specific domain controller for LDAP
Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://test.net/DC=test,DC=net", LDAPsvcAccStr, LDAPsvcPassStr)
'This is a generic LDAP call, it would do a DNS lookup to find a DC in your AD site, scales better
Dim mySearcher As DirectorySearcher = New DirectorySearcher(enTry)
' mySearcher.Filter = "(&(objectClass=user)(anr=smith))"
mySearcher.Filter = "(&(objectClass=user)(SAMAccountName=" & test & "))"
Dim resEnt As SearchResult
Try
For Each resEnt In mySearcher.FindAll()
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("cn").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("distinguishedName").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("name").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("givenName").Value)
'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("displayName").Value)
EmployeeTextBox.Text = resEnt.GetDirectoryEntry.Properties.Item("displayName").Value
Next
Catch f As Exception
Console.WriteLine(f.Message)
End Try
Catch f As Exception
Console.WriteLine(f.Message)
End Try
MKozlowski
Dec 15, 2011 01:05 PM
Hi,
Using the code below, I am trying to retrieve the user's full name. This works fine in development, but when I run the site externally I get the error Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'. Any ideas? Thanks!
Imports System.Security
Imports System.Security.Principal.WindowsIdentity
Imports Microsoft.Win32
Imports System.DirectoryServices.AccountManagement
Imports System.DirectoryServices.AccountManagement.UserPrincipal
Imports System.Web.Hosting
Partial Class _Default
    Inherits System.Web.UI.Page
    Dim UserAccount As String
    Dim test As String
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        test = Right(Request.ServerVariables("REMOTE_USER"), 5)
        Dim userFullName As String = UserPrincipal.Current.DisplayName
        EmployeeTextBox.Text = userFullName
        ReportingPeriodTextBox.Text = Now.Year
    End Sub
End Class
gww
Dec 15, 2011 01:59 PM
The code will need to run under credentials that allow at least read access to the LDAP. In your connection information in your web.config there should be options to enter a user name and password. I don't use AccountManagement, but it would appear you could add a user name and password to authenticate to AD on this line. I could not find any examples.
Or you could set up to use impersonation in your web.config as well.
MKozlowski
Dec 15, 2011 03:01 PM
I am still stuck on this. Any other suggestions?
MKozlowski
Dec 15, 2011 03:31 PM
Can you show me how to do principal context in VB?
MKozlowski
Dec 15, 2011 03:36 PM
OK, I have the code in VB, but I am not sure what to do in the web.config file?
bbcompent1
Dec 15, 2011 05:05 PM
Essentially, you could use an App Pool configured identity which has read access to your LDAP. That way, instead of the anonymous or network service account presenting itself, it will present with a domain user that has rights to read the AD. Also, make sure to enable Identity Impersonate in your web config.
gww
Dec 15, 2011 05:23 PM
Try this link. Had info on using DirectoryServices and solutions
http://forums.asp.net/t/897609.aspx
gww
Dec 15, 2011 05:40 PM
For me, I prefer to use a service account just for running LDAP connections and add its username and password in the DirectoryEntry. I keep the username and password in the web.config and refer to it in the code to be able to easily update it as needed.
In the web.config add
Referring to the web.config values in the page
Dim LDAPsvcAccStr as string = ConfigurationSettings.AppSettings("LDAPsvcAcc")
Dim LDAPsvcPassStr as string = ConfigurationSettings.AppSettings("LDAPsvcPassStr")
And when creating the DirectoryEntry you just provide the username and password
MKozlowski
Dec 15, 2011 06:03 PM
Thanks so much for your help. The code below is now working in development and I don't get any errors on the web. But the field will not populate. If I add those settings in the web.config will it work then?
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    test = Right(Request.ServerVariables("REMOTE_USER"), 5)
    'Dim userFullName As String = UserPrincipal.Current.DisplayName
    'EmployeeTextBox.Text = userFullName
    ReportingPeriodTextBox.Text = Now.Year
    Try
        'This is a LDAP path to a specific domain controller for LDAP
        Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://DC1/OU=MyUsers,DC=Steve,DC=Schofield,DC=com")
        'This is a generic LDAP call, it would do a DNS lookup to find a DC in your AD site, scales better
        Dim mySearcher As DirectorySearcher = New DirectorySearcher(enTry)
        ' mySearcher.Filter = "(&(objectClass=user)(anr=smith))"
        mySearcher.Filter = "(&(objectClass=user)(SAMAccountName=" & test & "))"
        Dim resEnt As SearchResult
        Try
            For Each resEnt In mySearcher.FindAll()
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("cn").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("distinguishedName").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("name").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("givenName").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("displayName").Value)
                EmployeeTextBox.Text = resEnt.GetDirectoryEntry.Properties.Item("displayName").Value
            Next
        Catch f As Exception
            Console.WriteLine(f.Message)
        End Try
    Catch f As Exception
        Console.WriteLine(f.Message)
    End Try
End Sub
MKozlowski
Dec 15, 2011 06:46 PM
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    test = Right(Request.ServerVariables("REMOTE_USER"), 5)
    Dim LDAPsvcAccStr As String = System.Configuration.ConfigurationManager.AppSettings("LDAPsvcAcc")
    Dim LDAPsvcPassStr As String = System.Configuration.ConfigurationManager.AppSettings("LDAPsvcPassStr")
    'Dim userFullName As String = UserPrincipal.Current.DisplayName
    'EmployeeTextBox.Text = userFullName
    ReportingPeriodTextBox.Text = Now.Year
    Try
        'This is a LDAP path to a specific domain controller for LDAP
        Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://test.net/DC=test,DC=net", LDAPsvcAccStr, LDAPsvcPassStr)
        'This is a generic LDAP call, it would do a DNS lookup to find a DC in your AD site, scales better
        Dim mySearcher As DirectorySearcher = New DirectorySearcher(enTry)
        ' mySearcher.Filter = "(&(objectClass=user)(anr=smith))"
        mySearcher.Filter = "(&(objectClass=user)(SAMAccountName=" & test & "))"
        Dim resEnt As SearchResult
        Try
            For Each resEnt In mySearcher.FindAll()
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("cn").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("distinguishedName").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("name").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("givenName").Value)
                'Console.WriteLine(resEnt.GetDirectoryEntry.Properties.Item("displayName").Value)
                EmployeeTextBox.Text = resEnt.GetDirectoryEntry.Properties.Item("displayName").Value
            Next
        Catch f As Exception
            Console.WriteLine(f.Message)
        End Try
    Catch f As Exception
        Console.WriteLine(f.Message)
    End Try

</configSections>
<appSettings>
    <add key="LDAPsvcAcct" value="MyDomain\username" />
    <add key="LDAPsvcPass" value="Password" />
</appSettings>
<connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Sunshine.mdf;Integrated Security=True;User Instance=True"
        providerName="System.Data.SqlClient" />
</connectionStrings>

I added all of this and I am not getting any data over the web. I am not sure what could be wrong?
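Added example, not part of the original thread and not any poster's code: the web.config excerpt above defines the keys LDAPsvcAcct and LDAPsvcPass while the page code reads LDAPsvcAcc and LDAPsvcPassStr (AppSettings returns Nothing for a key that does not exist), and the search filter is built by concatenating the last five characters of REMOTE_USER. The sketch below shows a settings lookup that fails loudly and a filter builder that strips the domain prefix and escapes the value per RFC 4515; the module name, function names and sample values are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Specialized
Imports System.Text
Module LdapLookupHelpers
    ' AppSettings(key) returns Nothing for a missing key, so fail loudly instead.
    Function RequireSetting(settings As NameValueCollection, key As String) As String
        Dim value As String = settings(key)
        If String.IsNullOrEmpty(value) Then
            Throw New InvalidOperationException("Missing appSettings key: " & key)
        End If
        Return value
    End Function

    ' "DOMAIN\user" -> "user", without assuming the name is five characters long.
    Function SamAccountFromRemoteUser(remoteUser As String) As String
        If String.IsNullOrEmpty(remoteUser) Then Return String.Empty
        Return remoteUser.Substring(remoteUser.LastIndexOf("\"c) + 1)
    End Function

    ' RFC 4515 escaping for a value placed inside an LDAP search filter.
    Function EscapeLdapFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each ch As Char In value
            Select Case ch
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.Append("\").Append(AscW(ch).ToString("x2"))
                Case Else
                    sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    Function BuildUserFilter(remoteUser As String) As String
        Dim sam As String = EscapeLdapFilterValue(SamAccountFromRemoteUser(remoteUser))
        Return "(&(objectClass=user)(sAMAccountName=" & sam & "))"
    End Function

    Sub Main()
        ' Constructed sample values, not taken from a real directory or site.
        Dim settings As New NameValueCollection()
        settings.Add("LDAPsvcAcct", "TEST\svc-ldap")
        Console.WriteLine(BuildUserFilter("TEST\jsmith"))
        Console.WriteLine(BuildUserFilter("TEST\j*(x)"))
        Try
            RequireSetting(settings, "LDAPsvcAcc") ' key as spelled in the page code
        Catch ex As InvalidOperationException
            Console.WriteLine(ex.Message)
        End Try
    End Sub
End Module
```

In Page_Load the result of BuildUserFilter would be assigned to mySearcher.Filter; the Console.WriteLine calls in the Catch blocks have no visible console in a web application, so a failure there needs to go to a log or trace instead.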