1
votes

So I have a hosting domain that's currently running my App on IIS 7, Application Pool Settings:

  • Identity: Network Service
  • Managed Pipeline Mode: Integrated
  • .NET Version: v4.0
  • Name: .NET v4.5

IIS Authentication settings:

  • Anonymous: Disabled
  • Impersonation: Enabled
  • Forms: Disabled
  • Windows: Enabled

There is also a different version of the app that is working fine with these settings. So within my current App I have this code to get and store the user SID:

public static SecurityIdentifier GenerateUserSID()
    {
        return (UserPrincipal.Current.Sid);
    }

public virtual ActionResult AddComment (string comment, int taskId, DateTime selectedDate)
    {
        var msg = string.Empty;

        try
        {
            Comment newComment = new Comment();

            var sid = ApplicationUtils.GenerateUserSID();

            newComment.CommentText = comment;
            newComment.Analyst = sid.ToString();
            newComment.TaskHistoryId = taskId;
            newComment.SelectedDateTimestamp = selectedDate;
            newComment.AddedTimestamp = DateTime.Now;

            _db.Comments.Add(newComment);
            _db.SaveChanges();
        }
        catch (Exception e)
        {
            msg = "Error: " + e;

            return Json(msg, JsonRequestBehavior.AllowGet);
        }

        return Json(comment, JsonRequestBehavior.AllowGet);
    }

And I get the following error returned:

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() at Governance.Controllers.DashboardController.AddComment(String comment, Int32 taskId, DateTime selectedDate)

This only happens when accessing the App on remote machines, on the local machine it works fine.

Does anyone know what's causing this and how to fix it?

1

1 Answers

1
votes

So I managed to fix this without changing any permissions in Active Directory.

So now instead of linking to ApplicationUtils, I have this:

public virtual string GetSid()
    {
        using (HostingEnvironment.Impersonate())
        {

            PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

            UserPrincipal user = UserPrincipal.FindByIdentity(ctx, User.Identity.Name);

            var sid = user.Sid;

            return sid.ToString();
        }
    }

So to get the SID I simple need to call GetSid() and it will return a string version of the SID.