Reputation: 42497
I have an application that needs to bind against a remote customer's Active Directory to perform authentication tasks.
using System.DirectoryServices.AccountManagement;

// Returns the UserPrincipal on success, or null if the user does not exist or the password is wrong.
UserPrincipal Authenticate(string username, string password)
{
    using (var ctx = new PrincipalContext(ContextType.Domain, "customer.org", "ou=people,dc=customer,dc=org", ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind, "[email protected]", "password"))
    {
        // Look the account up first; after several seconds this throws PrincipalServerDownException
        var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
        if (user == null) return null; // user doesn't exist
        // check if the account is locked out, etc. (omitted)
        // quickly validate credentials
        if (!ctx.ValidateCredentials(username, password, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind)) return null; // bad credentials
        return user;
    }
}
The exception is:
PrincipalServerDownException: The server is not operational.
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetAsPrincipal(Object storeObject, Object discriminant)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
Until today, things were working fine. One change is that the application running this code was upgraded from 4 to 4.5. I can't say for sure if the problem occurred immediately after the upgrade, or it's just a coincidence.
I'd been using AdFind to test binding against the customer's AD, and it seems to be working fine.
Another interesting thing is that the PrincipalContext initializes just fine (and thus validates its connection against the remote store), and if I comment out the FindByIdentity call so just ctx.ValidateCredentials is called, that works fine, too.
Upvotes: 2
Views: 2180
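One way to narrow down a PrincipalServerDownException like the one above is to separate "can this process reach the directory over LDAPS and complete a simple bind at all?" from "does the AccountManagement lookup work?". The following is an added example written for this page, not code from the question or from the customer's environment: it performs a raw LDAPS simple bind with System.DirectoryServices.Protocols, with an explicit timeout so it fails fast rather than hanging for several seconds, and then runs the same lookup-then-validate flow as the question but reports an outage separately from a bad password. The host "customer.org", the container, the service account "svc-bind@customer.org" and its password are placeholders assumed for the example.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example, not from the original question. Server, container and
// service-account values below are assumed placeholders.
static class AdAuthCheck
{
    const string Domain = "customer.org";
    const string Container = "ou=people,dc=customer,dc=org";
    const string ServiceUpn = "svc-bind@customer.org";     // assumed service account
    const string ServicePassword = "service-password";    // placeholder, never hard-code in real code
    const int LdapsPort = 636;

    // Step 1: a raw LDAPS simple bind, independent of the AccountManagement
    // layer. If this fails, the problem is network, TLS or the bind account,
    // not UserPrincipal.FindByIdentity.
    public static bool CanBindOverLdaps(string upn, string password, out string error)
    {
        error = null;
        var identifier = new LdapDirectoryIdentifier(Domain, LdapsPort);
        using (var conn = new LdapConnection(identifier))
        {
            conn.SessionOptions.SecureSocketLayer = true;  // simple bind sends the password in clear; TLS is mandatory
            conn.SessionOptions.ProtocolVersion = 3;
            conn.AuthType = AuthType.Basic;                 // simple bind, matching ContextOptions.SimpleBind
            conn.Timeout = TimeSpan.FromSeconds(10);        // fail fast instead of waiting on a dead server
            conn.Credential = new NetworkCredential(upn, password);
            // Deliberately no VerifyServerCertificate callback: the default
            // validates the server's certificate chain. A callback that simply
            // returns true would accept any certificate and defeat the TLS check.
            try
            {
                conn.Bind();
                return true;
            }
            catch (LdapException ex)
            {
                error = "LDAP bind failed: code " + ex.ErrorCode + " " + ex.ServerErrorMessage;
                return false;
            }
        }
    }

    // Step 2: the question's lookup-then-validate flow, with the directory-down
    // case reported to the caller instead of being swallowed as "login failed".
    // Returns the UserPrincipal on success, null for unknown user or bad password.
    public static UserPrincipal Authenticate(string username, string password, out string error)
    {
        error = null;
        var options = ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind;
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, Domain, Container, options, ServiceUpn, ServicePassword))
            {
                var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
                if (user == null) return null;                      // user doesn't exist
                if (user.IsAccountLockedOut()) return null;          // locked accounts never authenticate
                if (!ctx.ValidateCredentials(username, password, options)) return null; // bad credentials
                return user;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // An outage is not an authentication failure; surface it so the
            // caller can alert or fail closed rather than logging "bad password".
            error = "Directory unreachable: " + ex.Message;
            return null;
        }
    }

    static void Main()
    {
        string error;
        // Check the service account's own bind first; if this fails, FindByIdentity cannot work either.
        if (!CanBindOverLdaps(ServiceUpn, ServicePassword, out error))
        {
            Console.WriteLine(error);
            return;
        }
        var user = Authenticate("jdoe", "user-password", out error);
        Console.WriteLine(user != null ? "authenticated " + user.SamAccountName : (error ?? "login failed"));
    }
}
```

Running CanBindOverLdaps with the service account before the AccountManagement call tells you which layer is broken: if the raw bind succeeds (as the question reports AdFind does) but FindByIdentity still throws, the failure is inside the AccountManagement store lookup rather than in reachability or TLS. Keep the outage and bad-credential paths distinct in logs; collapsing both to "login failed" hides an outage from operations and, in a lockout policy, can count directory errors against the user.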
Reputation: 2010
Actually 4.5 might well be the problem. There have been some changes to "secure" UserPrincipal.FindByIdentity. They tend to break code in cross-domain and workgroup => domain scenarios.
You have at least two possibilities:
Upvotes: 3