` LinkedIn WhatsApp Twitter Facebook Email
Internal
External
Resources

data.index.classifications.json (application/json)

data.index.related.json (application/json)

images/metro-binary-vb-128-link-1-1.png (image/png)

Theme
Text Font
Accepting 1 new client!
Blog Uncategorized

a·gen·tic a·gil·i·ty

What the 0x80072020?

Explains the 0x80072020 error in .NET 3.5 PrincipalContext when using ASP.NET impersonation with Active Directory, its cause, and security concerns with workaround.

Published on
Written by Martin Hinshelwood
1 minute read
Image
https://nkdagility.com/resources/ts3nKVfoy1j
Table of Contents
Related Blog
Loss of My.User.Name is not that bad... Removing ACL's for dead AD accounts Why Integrated Authentication does not work with host headers!
Related Videos
no entries found
Related Signals
no entries found
Related Guides
no entries found
Comments
Feedback View on Github Edit on Github
Classifications
` LinkedIn WhatsApp Twitter Facebook Email
Internal
External
Resources

data.index.classifications.json (application/json)

data.index.related.json (application/json)

images/metro-binary-vb-128-link-1-1.png (image/png)

Subscribe

I have found a small bug (as in, “Not working as expected!”) in the new .NET 3.5 PrincipalContext classes. When you are running on an ASP.NET site in impersonation mode you cannot retrieve information from active directory without the following error:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at UI_Controls_SharepointControl.Page_Load(Object sender, EventArgs e)

You need to specify a fixed account to access AD using:

Dim ctx As New PrincipalContext(ContextType.Domain, “[domain]”, “[accountName]”, “[password]”)

This is not so good! What if I wanted to use the current users credentials to update only fields that they are allowed to update in AD? If I use a static account that can access any users fields then this becomes a security risk.

Ahh well, I will live with it for now, but if anyone has another suggestion…

Technorati Tags: .NET   WCF

Table of Contents
Related Blog
Loss of My.User.Name is not that bad... Removing ACL's for dead AD accounts Why Integrated Authentication does not work with host headers!
Related Videos
no entries found
Related Signals
no entries found
Related Guides
no entries found
Comments
Feedback View on Github Edit on Github
Classifications
` LinkedIn WhatsApp Twitter Facebook Email
Internal
External
Resources

data.index.classifications.json (application/json)

data.index.related.json (application/json)

images/metro-binary-vb-128-link-1-1.png (image/png)

Subscribe

Related Blog

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Philips Logo

Philips

Freadom Logo

Freadom

Slaughter and May Logo

Slaughter and May

Lockheed Martin Logo

Lockheed Martin

ProgramUtvikling Logo

ProgramUtvikling

Deliotte Logo

Deliotte

Brandes Investment Partners L.P. Logo

Brandes Investment Partners L.P.

Graham & Brown Logo

Graham & Brown

Boeing Logo

Boeing

Alignment Healthcare Logo

Alignment Healthcare

Kongsberg Maritime Logo

Kongsberg Maritime

Lean SA Logo

Lean SA

Xceptor - Process and Data Automation Logo

Xceptor - Process and Data Automation

Healthgrades Logo

Healthgrades

Qualco Logo

Qualco

Sage Logo

Sage

Jack Links Logo

Jack Links

DFDS Logo

DFDS

New Hampshire Supreme Court Logo

New Hampshire Supreme Court

Royal Air Force Logo

Royal Air Force

Nottingham County Council Logo

Nottingham County Council

Washington Department of Transport Logo

Washington Department of Transport

Washington Department of Enterprise Services Logo

Washington Department of Enterprise Services

Department of Work and Pensions (UK) Logo

Department of Work and Pensions (UK)

Philips Logo

Philips

Lockheed Martin Logo

Lockheed Martin

Qualco Logo

Qualco

Akaditi Logo

Akaditi

Trayport Logo

Trayport

Cognizant Microsoft Business Group (MBG) Logo

Cognizant Microsoft Business Group (MBG)