tech·nic·al·ly agile

What the 0x80072020?

Discover the 0x80072020 error in .NET 3.5 and learn how to securely access Active Directory with user credentials. Find solutions and insights here!

Published on
1 minute read
Image
https://nkdagility.com/resources/ts3nKVfoy1j

I have found a small bug (as in, “Not working as expected!”) in the new .NET 3.5 PrincipalContext classes. When you are running on an ASP.NET site in impersonation mode you cannot retrieve information from active directory without the following error:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at UI_Controls_SharepointControl.Page_Load(Object sender, EventArgs e)

You need to specify a fixed account to access AD using:

Dim ctx As New PrincipalContext(ContextType.Domain, “[domain]”, “[accountName]”, “[password]”)

 

This is not so good! What if I wanted to use the current users credentials to update only fields that they are allowed to update in AD? If I use a static account that can access any users fields then this becomes a security risk.

Ahh well, I will live with it for now, but if anyone has another suggestion…

Technorati Tags: .NET    WCF 

Troubleshooting
Comments

Related blog posts

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Bistech Logo
Illumina Logo
Epic Games Logo

CR2

Lockheed Martin Logo
Trayport Logo
Higher Education Statistics Agency Logo
Ericson Logo
Workday Logo
Teleplan Logo
Genus Breeding Ltd Logo
Kongsberg Maritime Logo
Boxit Document Solutions Logo
Slaughter and May Logo
Schlumberger Logo
Alignment Healthcare Logo
Emerson Process Management Logo
Microsoft Logo
Nottingham County Council Logo
Ghana Police Service Logo
Washington Department of Enterprise Services Logo
Washington Department of Transport Logo
New Hampshire Supreme Court Logo
Department of Work and Pensions (UK) Logo
Teleplan Logo
Trayport Logo
Graham & Brown Logo
Lean SA Logo
Workday Logo
Freadom Logo