What the 0x80072020?

Discover the 0x80072020 error in .NET 3.5 and learn how to securely access Active Directory with user credentials. Find solutions and insights here!


I have found a small bug (as in, “Not working as expected!”) in the new .NET 3.5 PrincipalContext classes. When you are running on an ASP.NET site in impersonation mode you cannot retrieve information from Active Directory without the following error:

System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
   at UI_Controls_SharepointControl.Page_Load(Object sender, EventArgs e)

You need to specify a fixed account to access AD using:

Dim ctx As New PrincipalContext(ContextType.Domain, "[domain]", "[accountName]", "[password]")

This is not so good! What if I wanted to use the current user's credentials to update only fields that they are allowed to update in AD? If I use a static account that can access any user's fields then this becomes a security risk.

Ahh well, I will live with it for now, but if anyone has another suggestion…
