calling ADSI objects from WebApplication

From: johnny (johnny_at_discussions.microsoft.com)
Date: 01/28/05

    Date: Fri, 28 Jan 2005 01:15:03 -0800
    
    

    Hello, I got this weird problem. I have an intranet application that needs to
    communicate with Active Directory. Authentication to the Web application is done
    by means of Active Directory accounts.

    Now I have this code:

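    using System.DirectoryServices;

    // Bind to rootDSE to read the domain's default naming context.
    // No credentials are supplied, so ADSI binds with the calling thread's security context.
    DirectoryEntry objDomain = new DirectoryEntry("LDAP://rootDse");
    string domain = objDomain.Properties["defaultNamingContext"].Value.ToString();
    // Search the whole domain subtree for the group by its sAMAccountName.
    DirectorySearcher ds = new DirectorySearcher();
    ds.SearchRoot = new DirectoryEntry(string.Format("LDAP://{0}", domain));
    ds.Filter = "(&(objectClass=group)(sAMAccountName=group_name))";
    ds.SearchScope = SearchScope.Subtree;
    SearchResult res = ds.FindOne();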

    When I run the application from any computer and authenticate as a user with
    domain administrator privilege, everything works fine. When I authenticate as
    a normal user, the application fails at the line
    SearchResult res = ds.FindOne();
    throwing this exception:

    Text: An operations error occurred
    Exception Details: System.Runtime.InteropServices.COMException: An
    operations error occurred
    Stack Trace:
       System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
       System.DirectoryServices.DirectoryEntry.Bind() +10
       System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
       System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +198
       System.DirectoryServices.DirectorySearcher.FindOne() +31

    To remind: This bunch of code is called from a library that is inside the GAC to
    assert it's not considered as partially trusted code.

    I have no idea where the problem could be. As a first thing I thought the
    user doesn't have a privilege to communicate with AD, so I took this piece of
    code and put it into a Windows application and ran it as a normal user. It
    worked ok.

    Does anybody have any idea what I should do? I'd be very grateful. Thanks in
    advance.

