Re: Domain could not be contacted problem
From: Grant (gpsnett_at_hotmail.com)
Date: 11/23/04
Date: Tue, 23 Nov 2004 10:31:00 -0000
Thanks for your help Joe. I put the "identity impersonate="true"" into the
web config file and it worked perfectly. So nice when it works when in fact
you were expecting an error - love that.
I also had to disable anonymous access and enable integrated authentication
in IIS before it worked. I do have to log in when I access the page for the
first time - not sure why that's happening but if the rest works then my
theory is - walk away veeeery slowly.
Cheers,
Grant
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eL5MYkR0EHA.1652@TK2MSFTNGP11.phx.gbl...
> The way I see it, you have two choices. You can either get your code
> running under a domain account so that you don't have to supply
> credentials and a server name, or you can supply a server or domain name
> and supply credentials.
>
> If you go the former route, you have a lot of options. Essentially, you
> can either make the process run under a domain account, or you can
> impersonate a domain account so that your current thread will take on that
> identity.
>
> To change the process account, you can either make the worker process run
> as a domain account or move the code into a COM+ component and run that
> under a domain identity.
>
> To impersonate a domain account, you generally do this by enabling
> impersonation in web.config. If you do that, then you will be
> impersonating the authenticated user in IIS. That will either be the user
> logging on or the anonymous user account (which you can make a domain
> account if you want).
>
> It is also possible to impersonate a specific user via web.config by
> specifying credentials and you can impersonate an account through code.
> Thus, you have lots of options. Some of these options vary by the OS you
> are running and your security settings.
>
> All of the IIS security settings are configured via the IIS MMC on the
> directory security tab.
>
> Normally, I just supply the server or domain in the binding string and
> supply some credentials from a service account and don't worry about all of
> the above.
>
> HTH,
>
> Joe K.
>
> "Grant" <gpsnett@hotmail.com> wrote in message
> news:u0LvQcN0EHA.1524@TK2MSFTNGP09.phx.gbl...
>> Thank you for the reply! Looking at my web.config file I don't have this
>> "identity impersonate="true"" section and also it says to "security
>> mechanism to Anonymous only" - where do I find this security mechanism,
>> and how would I set the identity impersonate setting?
>>
>> -------------
>> When the Web.config file is set to identity impersonate="true"/ and
>> authentication mode="Windows", use the Anonymous account with the
>> following settings:
>> . On the ASPX page, set the security mechanism to Anonymous only.
>> . Clear the Allow IIS to control the password check box.
>> . Set the Anonymous account to be a domain user.
>>
>> -------------
>>
>> Cheers
>> Grant
>>
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote in message news:Op5qpNN0EHA.3244@TK2MSFTNGP10.phx.gbl...
>>> This is a security context issue. The account your code is running
>>> under might not be a domain account, so you can't use serverless binding
>>> (which is what you are doing when you don't put a server name in the
>>> binding string below).
>>>
>>> This document has a lot more detail:
>>>
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
>>>
>>> Joe K.
>>>
>>> "Grant" <gpsnett@hotmail.com> wrote in message
>>> news:u2KGc%23M0EHA.2528@TK2MSFTNGP10.phx.gbl...
>>>> Hello,
>>>>
>>>> I got some sample code off the MSDN website on how to loop through a
>>>> group in Active Directory and list the members. I can run the code from
>>>> a console app but I can't run it from an ASP solution? I get the
>>>> following message:
>>>>
>>>> "The specified domain either does not exist or could not be contacted"
>>>>
>>>> Here's the code I'm using:
>>>> ---------------------------------------------------
>>>> try
>>>> {
>>>>     DirectoryEntry group = new DirectoryEntry("LDAP://CN=Administrators,CN=builtin,DC=ourdomain,DC=com");
>>>>     object members = group.Invoke("Members",null); //CODE IS FAILING HERE
>>>>     foreach( object member in (IEnumerable) members)
>>>>     {
>>>>         DirectoryEntry x = new DirectoryEntry(member);
>>>>     }
>>>> }
>>>> catch ( Exception ex )
>>>> {
>>>>     lblResults.Text = ex.Message;
>>>> }
>>>> ---------------------------------------------------
>>>>
>>>> I haven't done any ASP programming before. This is a standard
>>>> web application created using Visual Studio.NET 2003. I have IIS
>>>> installed and I've set the permissions to interactive user. The above
>>>> code works from my console app and works a beaut but just not from my
>>>> ASP page.
>>>>
>>>> Can anyone tell me what I'm doing wrong here?
>>>>
>>>> Thanks,
>>>> Grant
>>>>
>>>
>>>
>>
>>
>
>
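The two options Joe describes in this thread (serverless binding under a domain identity, or a server name plus service-account credentials in the binding), as an added C# example that is not part of the original posts. The class and method names are hypothetical, and the server name and credentials are assumed to be supplied by the caller.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

public static class GroupMemberLister
{
    // Group DN taken from the original post.
    const string GroupDn = "CN=Administrators,CN=builtin,DC=ourdomain,DC=com";

    // Account the directory calls on this thread run as. With
    // <identity impersonate="true" /> and <authentication mode="Windows" />
    // in web.config this is the user authenticated by IIS; without
    // impersonation it is the worker process account, which may be local.
    public static string CurrentAccount()
    {
        return WindowsIdentity.GetCurrent().Name;
    }

    // Option 1: serverless binding (no server in the path). This relies on
    // the current security context being a domain account.
    public static List<string> ListServerless()
    {
        using (DirectoryEntry group = new DirectoryEntry("LDAP://" + GroupDn))
            return ReadMembers(group);
    }

    // Option 2: name the server or domain in the binding string and pass
    // service-account credentials, independent of the thread identity.
    public static List<string> ListWithCredentials(string server, string user, string password)
    {
        string path = "LDAP://" + server + "/" + GroupDn;
        using (DirectoryEntry group = new DirectoryEntry(path, user, password, AuthenticationTypes.Secure))
            return ReadMembers(group);
    }

    // Enumerates the group's members the same way the posted code does.
    static List<string> ReadMembers(DirectoryEntry group)
    {
        List<string> paths = new List<string>();
        foreach (object member in (IEnumerable)group.Invoke("Members", null))
        {
            using (DirectoryEntry entry = new DirectoryEntry(member))
                paths.Add(entry.Path);
        }
        return paths;
    }
}
```

Logging `CurrentAccount()` from the page shows which identity a failing serverless bind was attempted under, which is the quickest way to confirm the security-context diagnosis given in the thread.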