a·gen·tic a·gil·i·ty

What the 0x80072020?

TL;DR; Explains the 0x80072020 error in .NET 3.5 PrincipalContext when using ASP.NET impersonation with Active Directory, its cause, and security concerns with workaround.

Published on
1 minute read
Image
https://nkdagility.com/resources/ts3nKVfoy1j
Subscribe

I have found a small bug (as in, “Not working as expected!”) in the new .NET 3.5 PrincipalContext classes. When you are running on an ASP.NET site in impersonation mode you cannot retrieve information from active directory without the following error:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at UI_Controls_SharepointControl.Page_Load(Object sender, EventArgs e)

You need to specify a fixed account to access AD using:

Dim ctx As New PrincipalContext(ContextType.Domain, “[domain]”, “[accountName]”, “[password]”)

This is not so good! What if I wanted to use the current users credentials to update only fields that they are allowed to update in AD? If I use a static account that can access any users fields then this becomes a security risk.

Ahh well, I will live with it for now, but if anyone has another suggestion…

Technorati Tags: .NET   WCF

Subscribe

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Milliman Logo

Milliman

DFDS Logo

DFDS

New Signature Logo

New Signature

ProgramUtvikling Logo

ProgramUtvikling

Freadom Logo

Freadom

Graham & Brown Logo

Graham & Brown

Philips Logo

Philips

Boxit Document Solutions Logo

Boxit Document Solutions

Schlumberger Logo

Schlumberger

Boeing Logo

Boeing

Big Data for Humans Logo

Big Data for Humans

ALS Life Sciences Logo

ALS Life Sciences

Capita Secure Information Solutions Ltd Logo

Capita Secure Information Solutions Ltd

Ericson Logo

Ericson

Genus Breeding Ltd Logo

Genus Breeding Ltd

Lean SA Logo

Lean SA

Workday Logo

Workday

Epic Games Logo

Epic Games

Washington Department of Transport Logo

Washington Department of Transport

Royal Air Force Logo

Royal Air Force

Ghana Police Service Logo

Ghana Police Service

Washington Department of Enterprise Services Logo

Washington Department of Enterprise Services

New Hampshire Supreme Court Logo

New Hampshire Supreme Court

Department of Work and Pensions (UK) Logo

Department of Work and Pensions (UK)

Microsoft Logo

Microsoft

Big Data for Humans Logo

Big Data for Humans

Emerson Process Management Logo

Emerson Process Management

Bistech Logo

Bistech

MacDonald Humfrey (Automation) Ltd. Logo

MacDonald Humfrey (Automation) Ltd.

Milliman Logo

Milliman