
AD Groups for Windows User

I have an asp.net MVC application which is configured to use windows authentication. I am trying to get Groups from UserPrincipal using this.

UserPrincipal.Current.GetGroups()

This works fine when running from Visual Studio but fails when hosted on IIS. App pool is configured for Integrated pipeline and Network Service Identity. Throws below error:

Unable to cast object of type 'System.DirectoryServices.AccountManagement.GroupPrincipal' to type 'System.DirectoryServices.AccountManagement.UserPrincipal'."

I tried impersonating the code

WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;

using (WindowsImpersonationContext wic = identity.Impersonate())
{
     PrincipalContext context = new PrincipalContext(ContextType.Domain, "DOMAIN NAME");
     UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "User Name");

}

FindByIdentity throws error.

000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

How can I get current user groups from AD?

I ended up having this problem because I accidentally had my authentication types for the IIS site set up wrong. I removed 'anonymous authentication', and had it set so only 'asp.net authentication' and 'windows authentication' were enabled, and the error went away.
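An added example, not part of the original question or answer: one way to list the requesting user's groups without `UserPrincipal.Current` or an LDAP bind is to read them from the Windows logon token that IIS attaches to the request. The class and method names (`RequestUserGroups`, `GetGroupNames`) are hypothetical, and the code assumes classic ASP.NET (System.Web) with Windows Authentication enabled on the site.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (added example, not code from the post).
public static class RequestUserGroups
{
    // Returns the group names carried in the caller's Windows token.
    // These are the groups in the logon token, not a fresh directory query.
    public static IReadOnlyList<string> GetGroupNames(HttpContextBase http)
    {
        if (http == null) throw new ArgumentNullException(nameof(http));

        // Use the identity of the authenticated request, not the identity
        // the worker process runs as (the app pool account).
        var identity = http.User?.Identity as WindowsIdentity;

        // Fail closed when the request is anonymous or not Windows-authenticated,
        // instead of silently returning groups for some other account.
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            throw new InvalidOperationException(
                "Request has no authenticated Windows identity; check the site's IIS authentication settings.");

        var names = new List<string>();
        if (identity.Groups == null) return names;

        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                // Translate the SID to DOMAIN\Group form.
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // The SID could not be resolved to a name; keep the raw SID string.
                names.Add(sid.Value);
            }
        }
        return names;
    }
}
```

From an MVC controller this can be called as `RequestUserGroups.GetGroupNames(HttpContext)`.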
