UserPrincipal.FindByIdentity returns null on the IIS server

I have the following code example in ASP.NET

    using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain))
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, HttpContext.Current.User.Identity.Name))
        {
            if (user == null)
            {
                lbName.Text = "No User Principal";
            }
            else
            {
                lbName.Text = user.DisplayName;
            }
        }
    }

Web.config looks like

    <authentication mode="Windows" />
    <authorization>
        <deny users="?" />
    </authorization>

I tried the code on my local development machine (part of the domain, logged in as a domain user, VS2010, .NET 4.0, Windows XP); checking locally, I can get a UserPrincipal object.

If I upgrade to Windows 2003 (also part of the domain), IIS6, .NET 4.0, with the application pool running as Network Service and anonymous access disabled, the code cannot get the UserPrincipal object.

Do I need to change the application pool to run under a domain account in order to get a UserPrincipal ?

1 answer

The reason it worked on your dev box and not on your prod box is that on your dev box the website runs under your network identity, which has domain rights, but in production it runs under Network Service, which does not have rights to your domain. You can:

  • Change the account that the IIS application pool runs under to a domain account
  • Add the impersonation section to the web.config file, where the account is a domain account
  • Explicitly specify the username / password in your PrincipalContext, which will be used for authentication in the domain.
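The third option from the answer, as an added example that is not part of the original question or answer. The class name DirectoryLookup and the appSettings keys AdDomain, AdLookupUser and AdLookupPassword are hypothetical; the account is assumed to be a dedicated domain account with read-only directory access, and the code is kept compatible with .NET 4.0.

```csharp
using System.Configuration;
using System.DirectoryServices.AccountManagement;

// Added example: resolve the authenticated user's display name by binding to
// the domain with an explicit lookup account instead of the app pool identity.
public static class DirectoryLookup
{
    // Returns the display name, or null when the directory has no such user.
    // Bind failures (bad credentials, unreachable domain controller) surface
    // as exceptions, so they are not mistaken for "user not found".
    public static string GetDisplayName(string identityName)
    {
        // Hypothetical setting names. Keep the password out of source control
        // and encrypt the section that holds it (e.g. aspnet_regiis -pe).
        string domain = ConfigurationManager.AppSettings["AdDomain"];
        string lookupUser = ConfigurationManager.AppSettings["AdLookupUser"];
        string lookupPassword = ConfigurationManager.AppSettings["AdLookupPassword"];

        if (string.IsNullOrEmpty(domain) ||
            string.IsNullOrEmpty(lookupUser) ||
            string.IsNullOrEmpty(lookupPassword))
        {
            throw new ConfigurationErrorsException(
                "AdDomain, AdLookupUser and AdLookupPassword must be configured.");
        }

        // Under Windows authentication, identityName arrives as DOMAIN\user.
        // This FindByIdentity overload tries the supported identity formats.
        using (PrincipalContext context = new PrincipalContext(
            ContextType.Domain, domain, lookupUser, lookupPassword))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(context, identityName))
        {
            return user == null ? null : user.DisplayName;
        }
    }
}

// Usage in the page from the question:
//   lbName.Text = DirectoryLookup.GetDisplayName(
//       HttpContext.Current.User.Identity.Name) ?? "No User Principal";
```

Compared with running the whole application pool under a domain account, this confines the domain credential to the directory query, so the rest of the site keeps running as Network Service.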

Source: https://habr.com/ru/post/1386548/

