I’m developing a SharePoint 2010 Web Part (in C#) which needs to pull user data from Active Directory but I’m having trouble using the current SharePoint user’s credentials to authenticate with AD. I am using the DirectoryEntry class to get data from AD and it works fine when I hard-code some credentials but I know that’s bad practice so I want to avoid it. I’ve tried a couple of different things like:
new DirectoryEntry("LDAP://" + dc, null, null, AuthenticationTypes.ServerBind | AuthenticationTypes.FastBind);
and
new DirectoryEntry("LDAP://" + dc, null, null, AuthenticationTypes.Secure);
but they all just throw exceptions. I don’t really know what these do but it’s what I’ve managed to find online.
Any help that can point me in the right direction would be greatly appreciated.
You’re probably running into the infamous ‘double hop’ problem. The SharePoint server can’t automatically authenticate as you to another server, even on the same domain. Google ‘double hop’ for more info on the problem.
There are several options for doing what you want:
1. You can use the Secure Store Service in SharePoint 2010 to store the requisite username/password for connecting to AD, either a single username/password shared by all SharePoint users (similar to #2 below) or a username/password for each SharePoint user (similar to #3 below).
2. You could set up an AD account that has read-only permissions to AD, then create some Web Part properties to store the username and password of the user. Set up the properties so that they are shared by all users and set by the administrator. Use the stored username/password when connecting to AD. Set the password property so that it is write-only from the UI side.
3. If it’s important for each user to see a different set of AD data based on the user’s permissions in AD, then you could do something similar to the above, but don’t make the username/password properties shared.
4. Set up Kerberos for your SharePoint environment, thus allowing the SharePoint web server to authenticate as you to AD without having to store your credentials.
5. Set up AD to allow for anonymous read access (probably not the best, due to security considerations).
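A sketch of option 1 above, added here as an example and not part of the original answer: it reads a read-only AD service account from a Secure Store target application and binds to AD with it, so no credentials live in the Web Part. The target application ID, the domain controller and the way the current user's sAMAccountName is passed in are assumptions; escaping the filter value is an extra defensive step the answer does not mention.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Office.SecureStoreService.Server;
using Microsoft.SharePoint;
public static class SecureStoreAdLookup
{
    // Assumption: a Secure Store target application with this (placeholder) ID holds a Windows User Name / Windows Password field pair.
    private const string TargetApplicationId = "AdReadOnlyAccount";
    public static string GetDisplayName(string domainController, string samAccountName)
    {
        string user = null, password = null;
        var provider = new SecureStoreProvider { Context = SPServiceContext.Current };
        using (SecureStoreCredentialCollection creds = provider.GetCredentials(TargetApplicationId))
        {
            foreach (ISecureStoreCredential c in creds)
            {
                if (c.CredentialType == SecureStoreCredentialType.WindowsUserName)
                    user = ToPlainText(c.Credential);
                else if (c.CredentialType == SecureStoreCredentialType.WindowsPassword)
                    password = ToPlainText(c.Credential);
            }
        }
        // Secure = Kerberos/NTLM bind; Sealing encrypts the LDAP traffic so the service account's password and the results stay off the wire in clear.
        using (var root = new DirectoryEntry("LDAP://" + domainController, user, password,
            AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        using (var searcher = new DirectorySearcher(root))
        {
            // Escape the caller-supplied value so it cannot change the shape of the LDAP filter.
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilter(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("displayName");
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["displayName"].Count == 0) return null;
            return (string)result.Properties["displayName"][0];
        }
    }
    // Escapes the characters RFC 4515 reserves inside LDAP filter values.
    public static string EscapeLdapFilter(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }
    // Copies a SecureString into a managed string and zeroes the unmanaged buffer afterwards.
    private static string ToPlainText(SecureString s)
    {
        IntPtr bstr = Marshal.SecureStringToBSTR(s);
        try { return Marshal.PtrToStringBSTR(bstr); }
        finally { Marshal.ZeroFreeBSTR(bstr); }
    }
}
```

Call it from the Web Part with the login name of SPContext.Current.Web.CurrentUser (stripped of its domain prefix); because the bind uses the service account rather than the visitor's token, the double hop described above does not arise.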