I’ve been trying to solve this problem all day, and I’ve read some conflicting information within the standard google message board answers.

What I’m trying to do is retrieve a domain user’s (that is, the currently logged in user’s) email address from active directory. My ASP.NET 4 website is setup for Windows Authentication and everything works fine until the active directory calls.

When I do the following, I get a COMException on the search.findAll() line. The exception message is “An operations error occured” (Very helpful message eh?)
(Stripped down code for readability)

WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext wic = null;

wic = winId.Impersonate();
using (DirectoryEntry root = new DirectoryEntry(rootQuery))
{
      String userQuery = GetUserQuery();
      DirectorySearcher searcher = new DirectorySearcher(root);
      searcher.SearchScope = SearchScope.Subtree;
      searcher.Filter = userQuery;

      SearchResultCollection results = searcher.FindAll();
      return (results[0].Properties["proxyaddresses"][0]).ToString();
}

So basically I want to impersonate the logged in user to make the call.
Note this code works as expected if I pass in my credentials directly to the DirectoryEntry constructor. Also, I receive the same error if I get rid of the impersonation code and set application wide impersonation in the web config.

So I guess my question, before I waste any more time on this, is this even possible? Or do you have to specify a username and password to access AD?

BTW on my dev box I’m running IIS5, but will probably deploy to IIS6.

edit:

as requested:

rootQuery = @"LDAP://{0}.com/DC={0}, DC=com";
userQuery = @"(&(samAccountName={0})(objectCategory=person)(objectClass=user))";

with the proper domain and user specified.