Archive for category Active Directory

SecurityException was unhandled by user code – VSTA, C#, InfoPath 2007

I got this error, while I was developing a InfoPath form in VSTA (Visual Studio Tools for Applications 2008) . This was my enviornment:

  • Windows 7
  • VSTA 2008
  • InfoPath 2007

Scenario: I was trying to get the user information from Active Directory(AD) and then display in an InfoPath form. Here is the C# code I have written in the VSTA:

public void CTRL1_5_Clicked(object sender, ClickedEventArgs e)
 string strUserName = System.Environment.UserName;

 string xpath2 = "/my:myFields/my:field1";
 XPathNavigator field2 = MainDataSource.CreateNavigator().SelectSingleNode(xpath2, NamespaceManager);
 field2.SetValue(GetOU(strUserName)); //Get Organization Unit(OU) from Acitve Directory(AD)

This is the error message I have got: 😦

Solution: I have fixed this issue in a different situation, just read in my previous post.

Thanks. R./

Happy InfoPathing. 🙂


, , , ,

1 Comment

InfoPath cannot grant access to these files and settings because the form template is not fully trusted. For a form to run with full trust, it must be installed or digitally signed with a certificate – InfoPath 2007 forms Security Levels

After giving the Full Trust to the Form template (See here), we will be able to preview the InfoPath form and get information from other domains, or access files and settings on a user’s computer. But when we publish InfoPath form on SharePoint and try to access the from then you will be getting this error. 😦



Text format of the error:

Form template: file:///C:\Documents%20and%20Settings\RajanihanthV\Desktop\XmlProc\InfoPath\ADInfo.xsn</pre>
The form template is trying to access files and settings on your computer. InfoPath cannot grant access to these files and settings because the form template is not fully trusted. For a form to run with full trust, it must be installed or digitally signed with a certificate.

If we need to access the form from SharePoint, we need to be digitally signed the form even it is fully trusted. This is pretty simple, but we have to do this process after publishing the form on SharePoint only. Here are the steps.

Step 1: Navigate to the Document (form) Library, where your form published

Step 2: Click Settings on the Document Library Settings

Step 3: Advanced Settings

Step 4: Edit Template

Step 5: Click the Form Options on the Tools menu

Step 6: Click Sign this Form Template and create or select certificate, then OK

That’s all. You can try and see. 🙂

This will work only for you (author), If you want give access to all users you have to get the digital signature from 3rd party vendors and signed the form.

Thanks. R./

, , , ,


The application attempted to perform an operation not allowed by the security policy – DirectoryServices

I have developed a custom search and successfully deployed in our SharePoint 2007 (We have almost 16 sites and one document library, so we decided to filter the search according to the location, I will post the step by step development to the custom search later :)). My manager asked me to pick the location (ie. Organizational Unit (OU)) from Active Directory (AD) according to the user dynamically and I have written a method to pick the OU, you can see the post here. So far I didn’t get any problem but when I tried to deploy the web part to the SharePoint, I have got several errors and I managed to solve them but the following error gave me very hard time.

Security Exception: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ failed.

Source Error:

Stack Trace:

I tried several solutions to fix this issue but no luck, because my C# code is trying to access the AD information which is in the different server, so there is no trusted permission from SharePoint, but I could access the details form the local machine. Finally I just read the error message carefully and modified the Trust Level in the SharePoint web.config to “Full” then it was working.

Please note: Changing this Trust Level might harm your SharePoint Security!

To do the changes:

Step1: Open the web.config file (Using Notepad OR Visual Studio)

Step2: Locate the <trust level=”WSS_Minimal” originUrl=”” /> tag in the web. config file. The default value is “WSS_Minimal”. I tried “WSS_Medium” but it didn’t solve the problem, sometimes it will solve yours.

Step3: Change the <trust level=”Full” originUrl=”” />

That’s all, it is working now. Happy coding n SharePointing! There are some other solutions for this related issue, you can try.

1. Changes on the .NET Framework 2.0 Configuration tool, Tim Huffam’s blog will show how to do the work around.





, , , , , , , ,


How to get the current user’s OU (Organizational Unit) from AD (Active Directory) – C#

There are so many ways to get the user details form AD (Active directory), but I wanted to get the current user’s OU (Organizational Unit) from Active directory. There is no any direct method to get the OU (Actually I could not find anything on the web, if anyone get an easy way to find-out please let me know). I am currently developing a Custom Search for SharePoint 2007 and according to the OU, I want to display the search results.

Here is the method I have created and most of the comments I have put in the code itself. I used and C#.

public string GetOU(string username)
 string result = string.Empty;
 using (HostingEnvironment.Impersonate())
 //Getting the domain
 PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

//Finding the user
 UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);

//If the user found
 if (user != null)
 // Getting the DirectoryEntry
 DirectoryEntry directoryEntry = (user.GetUnderlyingObject() as DirectoryEntry);
 //if the directoryEntry is not null
 if (directoryEntry != null)
 //Getting the directoryEntry's path and spliting with the "," character
 string[] directoryEntryPath = directoryEntry.Path.Split(',');
 //Getting the each items of the array and spliting again with the "=" character
 foreach (var splitedPath in directoryEntryPath)
 string[] eleiments = splitedPath.Split('=');
 //If the 1st element of the array is "OU" string then get the 2dn element
 if (eleiments[0].Trim() == "OU")
 result = username + "-" + eleiments[1].Trim();
 return result;

Please don’t forget to add the following references:

using System.Collections;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
using System.Security.Principal;

If you want to get the current user’s OU then you can call this method in the Page_Load event.

protected void Page_Load(object sender, EventArgs e)
string userName = Context.User.Identity.Name;
LabelOU.Text = GetOU(userName);

You will get the output like this:

I hope this small C# code will be helping someone! Thanks R./




, , , , , , , , , , , ,