Posts Tagged Organizational Unit

The application attempted to perform an operation not allowed by the security policy – DirectoryServices

Posted by Rajanihanth in Active Directory, DirectoryServices, SharePoint 2007 on March 23, 2012

I have developed a custom search and successfully deployed in our SharePoint 2007 (We have almost 16 sites and one document library, so we decided to filter the search according to the location, I will post the step by step development to the custom search later :)). My manager asked me to pick the location (ie. Organizational Unit (OU)) from Active Directory (AD) according to the user dynamically and I have written a method to pick the OU, you can see the post here. So far I didn’t get any problem but when I tried to deploy the web part to the SharePoint, I have got several errors and I managed to solve them but the following error gave me very hard time.

Security Exception: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ failed.

Source Error:

Stack Trace:

I tried several solutions to fix this issue but no luck, because my C# code is trying to access the AD information which is in the different server, so there is no trusted permission from SharePoint, but I could access the details form the local machine. Finally I just read the error message carefully and modified the Trust Level in the SharePoint web.config to “Full” then it was working.

Please note: Changing this Trust Level might harm your SharePoint Security!

To do the changes:

Step1: Open the web.config file (Using Notepad OR Visual Studio)

Step2: Locate the <trust level=”WSS_Minimal” originUrl=”” /> tag in the web. config file. The default value is “WSS_Minimal”. I tried “WSS_Medium” but it didn’t solve the problem, sometimes it will solve yours.

Step3: Change the <trust level=”Full” originUrl=”” />

That’s all, it is working now. Happy coding n SharePointing! There are some other solutions for this related issue, you can try.

1. Changes on the .NET Framework 2.0 Configuration tool, Tim Huffam’s blog will show how to do the work around.

References:

1. http://support.microsoft.com/kb/555466

2. http://us.generation-nt.com/answer/using-system-directoryservices-sharepoint-webpart-help-35022312.html

3. http://geekswithblogs.net/timh/archive/2006/03/08/71714.aspx

Advertisement

, , , , , , , ,

4 Comments

How to get the current user’s OU (Organizational Unit) from AD (Active Directory) – C#

Posted by Rajanihanth in .Net, Active Directory on February 7, 2012

There are so many ways to get the user details form AD (Active directory), but I wanted to get the current user’s OU (Organizational Unit) from Active directory. There is no any direct method to get the OU (Actually I could not find anything on the web, if anyone get an easy way to find-out please let me know). I am currently developing a Custom Search for SharePoint 2007 and according to the OU, I want to display the search results.

Here is the method I have created and most of the comments I have put in the code itself. I used Asp.net and C#.

public string GetOU(string username)
 {
 string result = string.Empty;
 using (HostingEnvironment.Impersonate())
 {
 //Getting the domain
 PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

//Finding the user
 UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);

//If the user found
 if (user != null)
 {
 // Getting the DirectoryEntry
 DirectoryEntry directoryEntry = (user.GetUnderlyingObject() as DirectoryEntry);
 //if the directoryEntry is not null
 if (directoryEntry != null)
 {
 //Getting the directoryEntry's path and spliting with the "," character
 string[] directoryEntryPath = directoryEntry.Path.Split(',');
 //Getting the each items of the array and spliting again with the "=" character
 foreach (var splitedPath in directoryEntryPath)
 {
 string[] eleiments = splitedPath.Split('=');
 //If the 1st element of the array is "OU" string then get the 2dn element
 if (eleiments[0].Trim() == "OU")
 {
 result = username + "-" + eleiments[1].Trim();
 break;
 }
 }
 }
 }
 }
 return result;
 }

Please don’t forget to add the following references:

using System.Collections;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;
using System.Security.Principal;

If you want to get the current user’s OU then you can call this method in the Page_Load event.

protected void Page_Load(object sender, EventArgs e)
{
string userName = Context.User.Identity.Name;
LabelOU.Text = GetOU(userName);
}

You will get the output like this:

Domain-Name\RajanihanthV
OU-Name
I hope this small C# code will be helping someone! Thanks R./

References:

1. http://stackoverflow.com/questions/637486/how-to-get-the-current-users-active-directory-details-in-c-sharp

2. http://stackoverflow.com/questions/5309988/how-to-get-the-groups-of-a-user-in-active-directory-c-asp-net

, , , , , , , , , , , ,

7 Comments