Re: calling ADSI objects from WebApplication
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 01/28/05
Date: Fri, 28 Jan 2005 08:32:03 -0600
It is a problem related to security context. Is your application set to
impersonate? Is it IIS5 or IIS6? What is the value of
System.Security.Principal.WindowsIdentity.GetCurrent().Name? Is that a
domain account?
One thing you can do to check this issue really quickly is add a domain name
or server to your binding strings, LDAP://mydomain.com/rootdse for example,
and specify credentials for your directory entry objects. If that fixes the
problem, then it is definitely an issue with your security context.
There is a good article here that discusses potential remedies, and this
problem has been discussed to death in this and other groups, so Google
should help you find some more info.
http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
Joe K.
"johnny" <johnny@discussions.microsoft.com> wrote in message
news:64FDE7AF-4174-4D70-AE19-AA7EC00DB649@microsoft.com...
> Hello, I got this weird problem. I have an intranet application that needs to
> communicate with Active Directory. Authentication to the Web application is done
> by means of Active Directory accounts.
>
> Now I have this code:
>
> DirectoryEntry objDomain = new DirectoryEntry("LDAP://rootDse");
> string domain = objDomain.Properties["defaultNamingContext"].Value.ToString();
> DirectorySearcher ds = new DirectorySearcher();
> ds.SearchRoot = new DirectoryEntry(string.Format("LDAP://{0}",domain));
> ds.Filter = "(&(objectClass=group)(sAMAccountName=group_name))";
> ds.SearchScope = SearchScope.Subtree;
> SearchResult res = ds.FindOne();
>
> When I run the application from any computer and authenticate as a user with
> domain administrator privilege, everything works fine. When I authenticate as
> a normal user, the application fails at line
> SearchResult res = ds.FindOne();
> throwing this exception:
>
> Text: An operations error occurred
> Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred
> Stack Trace:
> System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
> System.DirectoryServices.DirectoryEntry.Bind() +10
> System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
> System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +198
> System.DirectoryServices.DirectorySearcher.FindOne() +31
>
> To remind: This bunch of code is called from a library that is inside the GAC to
> assert it's not considered as partially trusted code.
>
> I have no idea where the problem could be. As a first thing I thought the
> user doesn't have a privilege to communicate to AD, so I took this piece of
> code and put it into a Windows application and ran it as a normal user. It
> worked ok.
>
> Does anybody have any idea what I should do? I'd be very grateful. Thanks in
> advance.
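
The quick check from the reply, written out as an added C# example (not code from the thread): it reports the identity the request is running as, then runs the group search from the question twice, once serverless under the current security context and once against a named server with explicit credentials. The names AdBindCheck, Run and Search and all parameters are hypothetical; the caller supplies the server name and a test domain account.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

// Added diagnostic; AdBindCheck, Run and Search are hypothetical names.
public static class AdBindCheck
{
    // server: domain or DC name to bind to (e.g. "mydomain.com" as in the reply).
    // user/password: a test domain account supplied by the caller (assumption:
    // loaded from protected configuration, not hard-coded in source).
    public static string Run(string server, string user, string password, string group)
    {
        StringBuilder report = new StringBuilder();
        // The account the directory bind will actually use.
        report.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        // Case 1: serverless bind under the current security context.
        report.AppendLine("Serverless, current context: " + Search("LDAP://", null, null, group));
        // Case 2: named server and explicit credentials.
        report.AppendLine("Named server, explicit credentials: "
            + Search("LDAP://" + server + "/", user, password, group));
        return report.ToString();
    }

    // group is assumed to be a fixed, trusted name; escape it per RFC 4515
    // before building the filter if it can come from user input.
    private static string Search(string prefix, string user, string password, string group)
    {
        try
        {
            // Null user/password with AuthenticationTypes.Secure binds as the calling thread.
            using (DirectoryEntry rootDse = new DirectoryEntry(prefix + "rootDSE", user, password, AuthenticationTypes.Secure))
            {
                string context = rootDse.Properties["defaultNamingContext"].Value.ToString();
                using (DirectoryEntry root = new DirectoryEntry(prefix + context, user, password, AuthenticationTypes.Secure))
                using (DirectorySearcher ds = new DirectorySearcher(root, "(&(objectClass=group)(sAMAccountName=" + group + "))"))
                {
                    ds.SearchScope = SearchScope.Subtree;
                    SearchResult res = ds.FindOne();
                    return res == null ? "bound, group not found" : "bound, found " + res.Path;
                }
            }
        }
        catch (COMException ex)
        {
            // "An operations error occurred" surfaces here as a COMException.
            return "failed: 0x" + ex.ErrorCode.ToString("X8") + " " + ex.Message;
        }
    }
}
```

If the first case fails and the second succeeds within the same request, the result matches the reply's conclusion that the failure comes from the security context.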