Re: No access to AD through DirectoryEntry/Searcher even when logging on
From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 06/24/02
- In reply to: Trond-Eirik: "Re: No access to AD through DirectoryEntry/Searcher even when logging on"
- Next in thread: Rick: "Re: No access to AD through DirectoryEntry/Searcher even when logging on"
From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> Date: Mon, 24 Jun 2002 13:38:26 +0200
No, the explicit credentials are used when binding.
Use explicit credentials:
("LDAP://servername", "user", "password", AuthenticationTypes.ServerBind)
Following uses the default credentials (process or impersonation thread token):
("LDAP://servername", null, null, AuthenticationTypes.ServerBind)
Also take care of the following:
When specifying the username as something like: eTrond, then you need to specify secure binding (AuthenticationTypes.Secure).
Otherwise you can bind using:
- pre w2k "domain\user" syntax
- user@some.domain.com upn syntax.
without secure binding.
But I don't think this has something to do with your problem.
Did you try to use exactly the same binding string AND credentials AND AuthenticationTypes from a winforms/console application?
Also check whether computer.company.no is a server name or a domain name, if not sure use the flat NetBIOS name of the AD/DC.
You may ask why this is important, well, when using a FQN, the LDAP provider will try to authenticate the credentials supplied using
Kerberos, when using the flat name NTLM will be used when binding.
Willy.
"Trond-Eirik" <tronderirikkolloen@hotmail.com> wrote in message news:e4JLrE2GCHA.2672@tkmsftngp13...
> Hello
>
> Thanks for your reply.
> I have tested this using the ServerBind flag as well.
> All the values should be correct, as I have tested the exact same values in
> a .Net windows application.
> The problem is only when I try to do this from the ASP.NET Web Application.
> From the .Net Windows application it works just fine.
>
> In my understanding this should indicate that all the connect parameters are
> correct.
>
> Here is my theory (probably wrong, but it's at least a theory):
> - When impersonation is activated does ASP.NET override the login procedure
> and attempts to use the login of the impersonated user, and this is done
> after the authentication with the given input parameters.
> Since the impersonated user fails to connect due to the "impersonation does
> not work between servers problem" this causes the connection to not work.
>
> Any other good ideas?
>
> mvh, TEK
>
>
> "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
> news:uVgqs#hGCHA.1292@tkmsftngp04...
> >
> > The error message means that either the server cannot be reached, or the LDAP
> > service is not running.
> > Is this the fully qualified server name or domain name?
> > computer.company.no
> >
> > If it's a server name:
> > make sure the name can be resolved.
> > What you can do is to replace the name by its IP address, or store
> > the name in the etc\hosts file.
> > You also should add the serverbind flag (see: AuthenticationTypes enum)
> >
> > Willy.
> >
> >
> >
> > "Trond-Eirik" <tronderirikkolloen@hotmail.com> wrote in message
> > news:#XXjJbGGCHA.2880@tkmsftngp12...
> > > Hello
> > >
> > > I'm having a web application running in IIS and ASP.Net/C#
> > > The webserver is using "Integrated Windows authentication"
> > > It's not an option to use "Basic authentication"
> > >
> > > I'm using <identity impersonate="true"/> in the web.config file to be able
> > > to impersonate the users.
> > >
> > > From my app (a C# class) I need to connect to AD to retrieve some
> > > information.
> > > The optional would be that I could use impersonation to identify the user,
> > > but due to the fact that IIS and impersonate does not work when accessing
> > > resources on external computers, I'm not able to do this.
> > >
> > > So, instead I'm trying to log on to AD using a dedicated user with enough
> > > access rights.
> > > But this throws an exception saying: "The server is not operational"
> > >
> > > I have tested my code in a windows form, and everything was working just
> > > wonderful.
> > > But in my ASP.NET Web Application, nothing is working...
> > >
> > > The code is as follows:
> > >
> > > DirectoryEntry objRoot = new DirectoryEntry("LDAP://computer.company.no",
> > > "<username>", "<password>"); /*I have also tried different
> > > AuthenticationTypes */
> > > DirectorySearcher objSearcher = new DirectorySearcher(objRoot);
> > > objSearcher.Filter = "(displayName=Trond*)";
> > > SearchResult objResult = objSearcher.FindOne(); // this fails
> > > if(objResult != null){
> > > //write success
> > > }
> > >
> > > The line
> > > SearchResult objResult = objSearcher.FindOne();
> > > throws a COM exception.
> > >
> > > Anyone have a solution for this?
> > >
> > > Best regards
> > > Trond-Eirik
> > >
> > >
> >
> >
>
>
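The comparison suggested in the reply above (same binding string, same credentials, same AuthenticationTypes, run from a console application), written out as an added example; it is not code from either poster. The environment variable names AD_BIND_USER and AD_BIND_PASSWORD and the TryBind helper are hypothetical, the server name is passed as the first argument, and AuthenticationTypes.Secure is combined with ServerBind here so the explicit password is not sent in a simple bind.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class AdBindCheck
{
    // Hypothetical helper: returns null when the bind and a base-scope search
    // succeed, otherwise the COM error code and message.
    static string TryBind(string path, string user, string password, AuthenticationTypes auth)
    {
        try
        {
            using (var root = new DirectoryEntry(path, user, password, auth))
            {
                object native = root.NativeObject;   // forces the LDAP bind now
                using (var searcher = new DirectorySearcher(root, "(objectClass=*)"))
                {
                    searcher.SearchScope = SearchScope.Base;
                    searcher.FindOne();
                }
            }
            return null;
        }
        catch (COMException ex)   // "The server is not operational" surfaces here
        {
            return string.Format("0x{0:X8} {1}", ex.ErrorCode, ex.Message);
        }
    }

    static void Main(string[] args)
    {
        string path = "LDAP://" + args[0];   // server name, e.g. the flat NetBIOS name of the DC
        string user = Environment.GetEnvironmentVariable("AD_BIND_USER");       // assumed variable name
        string pass = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");   // assumed variable name
        AuthenticationTypes auth = AuthenticationTypes.Secure | AuthenticationTypes.ServerBind;

        // The identity that a null/null bind would use: the process token, or the
        // impersonation token of the current thread under <identity impersonate="true"/>.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        string explicitResult = TryBind(path, user, pass, auth);
        Console.WriteLine("Explicit credentials: " + (explicitResult ?? "bind OK"));

        string defaultResult = TryBind(path, null, null, auth);
        Console.WriteLine("Default credentials:  " + (defaultResult ?? "bind OK"));
    }
}
```

Calling TryBind with the same arguments from the ASP.NET page and comparing the two result strings with the console run shows whether the failure follows the credentials or the hosting identity.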