Posts Tagged Active Directory

SecurityException was unhandled by user code – VSTA, C#, InfoPath 2007

I got this error, while I was developing a InfoPath form in VSTA (Visual Studio Tools for Applications 2008) . This was my enviornment:

  • Windows 7
  • VSTA 2008
  • InfoPath 2007

Scenario: I was trying to get the user information from Active Directory(AD) and then display in an InfoPath form. Here is the C# code I have written in the VSTA:

public void CTRL1_5_Clicked(object sender, ClickedEventArgs e)
 {
 string strUserName = System.Environment.UserName;

 string xpath2 = "/my:myFields/my:field1";
 XPathNavigator field2 = MainDataSource.CreateNavigator().SelectSingleNode(xpath2, NamespaceManager);
 field2.SetValue(GetOU(strUserName)); //Get Organization Unit(OU) from Acitve Directory(AD)
 }

This is the error message I have got: 😦

Solution: I have fixed this issue in a different situation, just read in my previous post.

Thanks. R./

Happy InfoPathing. 🙂

Advertisements

, , , ,

1 Comment

Request for the permission of type ‘System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ failed – InfoPath 2007 forms Security Levels

When I was trying to display user information from Active Directory(AD) in an InfoPath form, I have got an error message saying that I don’t have permissions to access the Directory services. 😦

Details of the error message:

Text format of the error:

System.Security.SecurityException
 Request for the permission of type 'System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
at Template2.FormCode.GetOU(String username)
at Template2.FormCode.CTRL1_5_Clicked(Object sender, ClickedEventArgs e)
at Microsoft.Office.InfoPath.Internal.ButtonEventHost.OnButtonClick(DocActionEvent pEvent)
at Microsoft.Office.Interop.InfoPath.SemiTrust._ButtonEventSink_SinkHelper.OnClick(DocActionEvent pEvent)

I have faced this kind of security level errors while creating a web parts using Active Directory(AD) and you can read this in my previous post.

Basically InfoPath provides three security levels for forms, they are:

  • Restricted
  • Domain
  • Full Trust

The security levels determine whether a form can access data on other domains, or access files and settings on a user’s computer. If you need more info about this, just click here.

When we design/create an InfoPath form, the minimum trust level will be assigned in-default and which is not enough to access the Directory Services. So we need to change the trust level to access the information.  These are the simple steps to change the Trust Levels in InfoPath,

Step 1: Open the Form template in Design Mode

Step 2: Click the Form Options on the Tools menu

Step 3: You will be getting the following window and the security levels automatically determined

Step 4: Unchecked the check box, give the permissions to ‘Full Trust’ and then click OK

That’s all, you can access the Directory Services programmatically and display in your InfoPath form.  Sometimes you will be getting another error after fixing this (probably after publishing to SharePoint), to solve this problem we just need to specify the digitally signed certificate for this form. Check out the error message here.

Thanks. R./

, , , , , , ,

2 Comments

The application attempted to perform an operation not allowed by the security policy – DirectoryServices

I have developed a custom search and successfully deployed in our SharePoint 2007 (We have almost 16 sites and one document library, so we decided to filter the search according to the location, I will post the step by step development to the custom search later :)). My manager asked me to pick the location (ie. Organizational Unit (OU)) from Active Directory (AD) according to the user dynamically and I have written a method to pick the OU, you can see the post here. So far I didn’t get any problem but when I tried to deploy the web part to the SharePoint, I have got several errors and I managed to solve them but the following error gave me very hard time.

Security Exception: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ failed.

Source Error:

Stack Trace:

I tried several solutions to fix this issue but no luck, because my C# code is trying to access the AD information which is in the different server, so there is no trusted permission from SharePoint, but I could access the details form the local machine. Finally I just read the error message carefully and modified the Trust Level in the SharePoint web.config to “Full” then it was working.

Please note: Changing this Trust Level might harm your SharePoint Security!

To do the changes:

Step1: Open the web.config file (Using Notepad OR Visual Studio)

Step2: Locate the <trust level=”WSS_Minimal” originUrl=”” /> tag in the web. config file. The default value is “WSS_Minimal”. I tried “WSS_Medium” but it didn’t solve the problem, sometimes it will solve yours.

Step3: Change the <trust level=”Full” originUrl=”” />

That’s all, it is working now. Happy coding n SharePointing! There are some other solutions for this related issue, you can try.

1. Changes on the .NET Framework 2.0 Configuration tool, Tim Huffam’s blog will show how to do the work around.

References:

1. http://support.microsoft.com/kb/555466

2. http://us.generation-nt.com/answer/using-system-directoryservices-sharepoint-webpart-help-35022312.html

3. http://geekswithblogs.net/timh/archive/2006/03/08/71714.aspx

, , , , , , , ,

4 Comments

How to get the current user’s OU (Organizational Unit) from AD (Active Directory) – C#

There are so many ways to get the user details form AD (Active directory), but I wanted to get the current user’s OU (Organizational Unit) from Active directory. There is no any direct method to get the OU (Actually I could not find anything on the web, if anyone get an easy way to find-out please let me know). I am currently developing a Custom Search for SharePoint 2007 and according to the OU, I want to display the search results.

Here is the method I have created and most of the comments I have put in the code itself. I used Asp.net and C#.

public string GetOU(string username)
 {
 string result = string.Empty;
 using (HostingEnvironment.Impersonate())
 {
 //Getting the domain
 PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

//Finding the user
 UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);

//If the user found
 if (user != null)
 {
 // Getting the DirectoryEntry
 DirectoryEntry directoryEntry = (user.GetUnderlyingObject() as DirectoryEntry);
 //if the directoryEntry is not null
 if (directoryEntry != null)
 {
 //Getting the directoryEntry's path and spliting with the "," character
 string[] directoryEntryPath = directoryEntry.Path.Split(',');
 //Getting the each items of the array and spliting again with the "=" character
 foreach (var splitedPath in directoryEntryPath)
 {
 string[] eleiments = splitedPath.Split('=');
 //If the 1st element of the array is "OU" string then get the 2dn element
 if (eleiments[0].Trim() == "OU")
 {
 result = username + "-" + eleiments[1].Trim();
 break;
 }
 }
 }
 }
 }
 return result;
 }

Please don’t forget to add the following references:

using System.Collections;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
using System.Security.Principal;

If you want to get the current user’s OU then you can call this method in the Page_Load event.

protected void Page_Load(object sender, EventArgs e)
{
string userName = Context.User.Identity.Name;
LabelOU.Text = GetOU(userName);
}

You will get the output like this:

Domain-Name\RajanihanthV
OU-Name
I hope this small C# code will be helping someone! Thanks R./

References:

1. http://stackoverflow.com/questions/637486/how-to-get-the-current-users-active-directory-details-in-c-sharp

2. http://stackoverflow.com/questions/5309988/how-to-get-the-groups-of-a-user-in-active-directory-c-asp-net

, , , , , , , , , , , ,

7 Comments