https://www.codeproject.com/Tips/458039/Application-Login-through-Active-Directory-LDAP
I have tried the solution in the link above by using the validation method, and modified it to return the display name only, which is pasted below. It works locally, but after publishing to the IIS server it gives an error:

"Unable to cast object of type System.DirectoryServices.AccountManagement.GroupPrincipal to type 'System.DirectoryServices.AccountManagement.UserPrincipal"

I have tried to add my domain credentials in the authentication impersonate feature in IIS, but then it only gives access to me; the same happens if I add a different user, it will only give access to them.

NB: The website needs to get a user's current login username and Display from Windows and get their details from a database. I also tried to enable Windows authentication, but it still gives the cast object error.

What I have tried:

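    using System;
    using System.DirectoryServices.AccountManagement;
    using System.DirectoryServices.Protocols;
    using System.Net;
    using System.Security.Principal;

    public static string fnValidateUser()
    {
        string username = "";
        string Lastname = "";
        try
        {
            LdapConnection lcon = new LdapConnection(
                new LdapDirectoryIdentifier((string)null, false, false));
            // Note: the two-argument constructor is (userName, password);
            // nc is only used by the commented-out bind below.
            NetworkCredential nc = new NetworkCredential(Environment.UserName,
                Environment.UserDomainName);

            // Windows identity the code is currently running as.
            WindowsIdentity CurrentIdentity = WindowsIdentity.GetCurrent();
            // This is the call that fails with the cast error on the IIS server.
            UserPrincipal userPrincipal = UserPrincipal.Current;
            username = userPrincipal.DisplayName;
            Lastname = userPrincipal.Surname;

            // lcon.Credential = nc;
            // lcon.AuthType = AuthType.Negotiate;
            // // user has authenticated at this point,
            // // as the credentials were used to login to the dc.
            // lcon.Bind(nc);
            // validation = true;
        }
        catch (LdapException)
        {
            // LDAP errors are swallowed; the empty username is returned.
        }
        return username;
    }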
Updated 21-Jan-20 6:28am
Comments
Member 10271543 19-Jan-20 13:05pm
   
It works locally but not after published to IIS

Solution 3

This is a bug in the framework, which still affects the most recent version. The application pool is running as a "virtual account"; UserPrincipal.Current gets a group identity back, and incorrectly tries to convert it to a user identity.

Try using UserPrincipal.FindByIdentity instead of UserPrincipal.Current.

UserPrincipal.FindByIdentity throws InvalidCastException · Issue #39852 · dotnet/corefx · GitHub
c# - Unable to cast object of type in System.DirectoryServices.AccountManagement.GroupPrincipal - Stack Overflow
Application Pool Identities | Microsoft Docs
UserPrincipal.FindByIdentity Method (System.DirectoryServices.AccountManagement) | Microsoft Docs
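
The suggested change as an added example (not code from the thread or from the linked tip): it resolves the user who made the request, rather than the account the worker process runs as, by passing the caller's SID to `UserPrincipal.FindByIdentity`. It assumes ASP.NET on .NET Framework (System.Web) with Windows Authentication enabled and Anonymous Authentication disabled in IIS; `RequestUserLookup`, `DirectoryUser` and their members are hypothetical names.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (added example, not code from the thread).
public static class RequestUserLookup
{
    public sealed class DirectoryUser
    {
        public string SamAccountName { get; set; }
        public string DisplayName { get; set; }
        public string Surname { get; set; }
    }

    // User who made the current HTTP request, or null if it cannot be resolved.
    public static DirectoryUser FromCurrentRequest()
    {
        HttpContext http = HttpContext.Current;
        return http == null ? null : FromIdentity(http.User?.Identity);
    }

    public static DirectoryUser FromIdentity(IIdentity identity)
    {
        // With Windows Authentication the request identity is a WindowsIdentity.
        // Anonymous requests have no usable SID, so they are rejected here.
        var caller = identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.User == null)
            return null;

        // The directory query runs as the account the code executes under (the
        // application pool identity unless impersonation is enabled); only the
        // lookup key, the caller's SID, comes from the request. Assumes the
        // caller's account is in the domain the server is joined to.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.Sid, caller.User.Value))
        {
            if (user == null)
                return null; // no user object with that SID in this domain

            return new DirectoryUser
            {
                SamAccountName = user.SamAccountName,
                DisplayName = user.DisplayName,
                Surname = user.Surname
            };
        }
    }
}
```

Call `RequestUserLookup.FromCurrentRequest()` from a page or handler and use the returned `SamAccountName` as the key for the database lookup.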

Solution 2

It works locally but not after published to IIS
   
Comments
Richard Deeming 21-Jan-20 11:22am
   
If you want to reply to a solution, click the "Have a Question or Comment?" button under that solution and post a comment.

Do not post your comment as a "solution".

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)