I’m not sure if this is going too far into sys admin territory, but I will ask my question anyway 🙂
I’m developing a website in MVC3. The site uses constrained delegation to impersonate a user in the Windows domain and connect to a SQL Server under that user. This all works without problems.
What I’m trying to do is access the Display Name property of the logged-on user (using the following code):
using System.DirectoryServices.AccountManagement;

string displayName;
// Bind to the domain under the current security context (the application
// pool identity, or the impersonated caller when impersonation is active).
var context = new PrincipalContext(ContextType.Domain, "contoso");
var userPrincipal = UserPrincipal.FindByIdentity(context,
                                                  IdentityType.SamAccountName,
                                                  userName);
// FindByIdentity returns null when no matching account exists.
displayName = userPrincipal.DisplayName;
I get an LDAP operations error:
Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred.
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
The strange thing is that:
- This operation succeeds on the acceptance test server (same configuration, same domain, same application pool user, different machine).
- This operation succeeds in a console application after using Remote Desktop to connect to the production machine under the user that the ASP.NET application pool runs as.
- The operation succeeds from a random workstation with a normal domain account.
- The operation fails in the web site on the production server.
I solved this by setting the PhysicalPathCredentials of the website to the account. I can’t figure out the cause of the problem, but it works.
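An added diagnostic wrapper, not code from the question: it records which Windows identity and token impersonation level the directory lookup actually runs under (the thing that differs between a console session, an impersonating web request and the app pool process), disposes the context and principal, and separates a missing account from a directory or COM failure. The domain name "contoso" and the userName parameter follow the question; the log callback and the class name are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class DirectoryLookupDiagnostics
{
    // Returns the display name, or null when the lookup fails; the reason,
    // together with the identity that made the call, goes through 'log'.
    public static string TryGetDisplayName(string userName, Action<string> log)
    {
        // In an impersonating ASP.NET request this is the caller's token, and
        // its impersonation level decides whether the LDAP bind can be made
        // with it. Compare this line between the environments that differ.
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        log(string.Format("Calling as '{0}', auth={1}, impersonation={2}",
            current.Name, current.AuthenticationType, current.ImpersonationLevel));

        try
        {
            // Domain name taken from the question (assumed: "contoso").
            using (var context = new PrincipalContext(ContextType.Domain, "contoso"))
            using (var user = UserPrincipal.FindByIdentity(context,
                                                            IdentityType.SamAccountName,
                                                            userName))
            {
                if (user == null)
                {
                    log(string.Format("No account named '{0}' found in the domain.", userName));
                    return null;
                }
                return user.DisplayName;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            log("No domain controller could be reached: " + ex.Message);
        }
        catch (PrincipalOperationException ex)
        {
            log("Directory operation failed: " + ex.Message);
        }
        catch (COMException ex)
        {
            // The "An operations error occurred" COMException from the question lands here.
            log(string.Format("LDAP error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message));
        }
        return null;
    }
}
```

Call it once from the web site and once from the console on the same machine and compare the first log line; a difference in identity or impersonation level between the two is what to investigate.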