Error 0x80005000 and DirectoryServices
It's a permission problem.
When you run the console app, that app runs with your credentials, e.g. as "you".
The WCF service runs where? In IIS? Most likely, it runs under a separate account, which is not permissioned to query Active Directory.
You can either try to get the WCF impersonation thingie working, so that your own credentials get passed on, or you can specify a username/password on creating your DirectoryEntry:
DirectoryEntry directoryEntry =
new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com",
userName, password);
OK, so it might not be the credentials after all (that's usually the case in over 80% of the cases I see).
What about changing your code a little bit?
DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);
directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");
var result = directorySearcher.FindOne();
if(result != null)
{
if(result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
{
var resultValue = result.Properties["msRTCSIP-PrimaryUserAddress"][0];
}
}
My idea is: why not tell the DirectorySearcher
right off the bat what attribute you're interested in? Then you don't need to do another extra step to get the full DirectoryEntry
from the search result (should be faster), and since you told the directory searcher to find that property, it's certainly going to be loaded in the search result - so unless it's null (no value set), then you should be able to retrieve it easily.
Marc
Unknown Error (0x80005000) with LDAPS Connection
Finally!
It seems that an ASP.NET application does not have the rights (or doesn't know how) to examine the trusted certificate store at machine level. Since the certificate was self-signed the ASP.NET application refused to establish a connection.
I fixed the problem using custom certificate validation.
The following code did the trick:
LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("server", port));
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
con.Credential = new NetworkCredential(String.Empty, String.Empty);
con.AuthType = AuthType.Basic;
con.Bind();
Since I am sure the certificate is valid, the ServerCallBack method looks like this:
public static bool ServerCallBack(LdapConnection connection, X509Certificate certificate)
{
return true;
}
But you can always of course retrieve the certificate from the local machine and validate it.
The namespace used in this example is:
System.DirectoryServices.Protocols;
This is because the namespace:
System.DirectoryServices.DirectoryEntry
does not contain a method for custom certificate validation.
Thank you all for your help and time, and hopefully this will help someone in the future!
Strange COM interop exception 0x80005000 using System.DirectoryServices.AccountManagement libraries
I also ran into the same issue with a (GroupPrincipal instance).Members.Add(UserPrincipal instance).
The workaround (in IronPython) is rather simple thanks to the GetUnderlyingObject method.
de = group.GetUnderlyingObject
# Group member DNs are kept in 'member' attribute in LDAP
de.Properties['member'].Add(user.DistinguishedName)
de.CommitChanges() # Save your work
Error 0x80005000 with LdapConnection and LDAPS
Would something like this work for you..?
const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"karell";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username);
Here is a really good site for great references and examples
DirectoryServices DirectoryEntry
for Connection over SSL you could do something like the following
const int ldapInvalidCredentialsError = 0x31;
const string server = "your_domain.com:636";
const string domain = "your_domain.com";
try
{
using (var ldapSSLConn = new LdapConnection(server))
{
var networkCredential = new NetworkCredential(username, password, domain);
ldapSSLConn.SessionOptions.SecureSocketLayer = true;
ldapSSLConn.AuthType = AuthType.Negotiate;
ldapSSLConn.Bind(networkCredential);
}
// If the bind succeeds, the credentials are valid
return true;
}
catch (LdapException ldapEx)
{
// Invalid credentials a specific error code
if (ldapEx.ErrorCode.Equals(ldapInvalidCredentialsError))
{
return false;
}
throw;
}
MSDN list of Invalid LDAP Error Codes
0x80005000 Unknown Error on UserPrincipal.GetGroups with Special Characters in OU
I believe this is a bug.
The source code of the .NET Core implementation of the AccountManagement
namespace is available online now. I would imagine the .NET Framework version is much the same.
I believe the problem is on line 1218 of ADStoreCtx.cs:
roots.Add(new DirectoryEntry("GC://" + gc.Name + "/" + p.DistinguishedName, this.credentials != null ? this.credentials.UserName : null, this.credentials != null ? this.credentials.Password : null, this.AuthTypes));
That is dropping the user's distinguished name into an LDAP path, which uses slashes as separators, without escaping any slashes in the DN.
I know bugs for .NET Core can be reported in GitHub, but I'm not sure where to report a bug with .NET Framework.
Related Topics
Calling a C# Function by a HTML Button
Fixing Gridview Header While Scrolling
Webbrowser Control - No CSS Applied
How to Convert Style Text to C# Object Such as Class/Hashtable/Collection
C# - How to Prevent Mousewheel-Scrolling in My Combobox
Why Does "Dtoa.C" Contain So Much Code
Setup Database (Sqlite) for Unity
Check a String to See If All Characters Are Hexadecimal Values
How to Get Max Value of a Column Using Entity Framework
Xamarin (Android) Unit Tests in Visual Studio 2017
Most Efficient Way to Append Arrays in C#
Deserialize JSON to Anonymous Object
Executing a Cygwin Process from .Net
How to Pass Variables from C# to JavaScript
"Can't Find Pinvoke Dll 'Dbnetlib.Dll'." Error in Smart Device Application