Working with the PrincipalContext in code that lies behind a WCF service. The WCF service is impersonating, to allow a 'pass-through' type authentication.
While everything else I do with Active Directory (mostly the System.DirectoryServices.Protocols namespace) works fine in this scenario, for some reason the classes in System.DirectoryServices.AccountManagement throw a fit. Sample code that fails:
    PrincipalContext context = new PrincipalContext(ContextType.Domain, domainName);
    UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, UserName);
When I make the call to FindByIdentity, I get a COMException: "An operations error has occurred". Calls to the PrincipalContext also fail, e.g.:
    string server = context.ConnectedServer;
Both OperationContext.Current.ServiceSecurityContext and Thread.CurrentPrincipal.Identity show the impersonation is working correctly. And, like I say, other AD tasks in S.DS.P work fine.
If I explicitly set credentials on the PrincipalContext, everything works. For example:
    PrincipalContext context = new PrincipalContext(ContextType.Domain, domainName, user, password);
    UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, UserName);
Now everything works. But I won't know the username and password from the caller; I must rely on the impersonation.
Any ideas on what would cause the issue I'm seeing?
Thanks in advance! James
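As an added diagnostic example (not code from the question above): a helper that records the Windows identity the thread is actually running under, including its impersonation level, and then repeats the two calls the question says fail, capturing the COMException and its HRESULT rather than letting it propagate. PrincipalContextDiagnostics and ProbeLookup are hypothetical names; the idea is to call it once from inside the impersonating WCF operation and once outside and compare the two reports.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical diagnostic helper; added example, not part of the original post.
public static class PrincipalContextDiagnostics
{
    // Returns a multi-line report: the thread's effective Windows identity,
    // then the outcome of the same AccountManagement calls the question shows.
    public static string ProbeLookup(string domainName, string samAccountName)
    {
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        string report = string.Format(
            "Thread identity: {0}; ImpersonationLevel: {1}; IsAuthenticated: {2}{3}",
            current.Name, current.ImpersonationLevel, current.IsAuthenticated, Environment.NewLine);

        try
        {
            // No explicit credentials: relies on the impersonated token, as in the question.
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domainName))
            {
                // ConnectedServer is the property the question reports as failing.
                report += "ConnectedServer: " + context.ConnectedServer + Environment.NewLine;

                using (UserPrincipal user = UserPrincipal.FindByIdentity(
                    context, IdentityType.SamAccountName, samAccountName))
                {
                    report += (user == null)
                        ? "User not found" + Environment.NewLine
                        : "Found: " + user.DistinguishedName + Environment.NewLine;
                }
            }
        }
        catch (COMException ex)
        {
            // The HRESULT distinguishes "operations error" from other directory failures.
            report += string.Format("COMException 0x{0:X8}: {1}{2}",
                ex.ErrorCode, ex.Message, Environment.NewLine);
        }
        catch (PrincipalServerDownException ex)
        {
            report += "PrincipalServerDownException: " + ex.Message + Environment.NewLine;
        }
        return report;
    }
}
```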