Directory Binding and Search

dl
Date: 05/18/05


Date: Wed, 18 May 2005 18:24:57 +0800

Hi Joe and All

Here are the lines of code I have tried, but it seems like authentication was
not successful, as it returned just the sn whether or not (uName, pwd,
AuthenticationTypes.Secure) was specified. When I tried the same credentials
with ldp.exe, I was able to get the attributes I wanted.

By the way, for my application setting, I have not turned on impersonation
yet, but I assume this should not make any difference as credential was
specified when doing the bind, right? Did I do anything wrong in binding?
Any idea?

TIA

            String uName = "cn=Administrator, cn=Users, dc=domain, dc=com";
            String pwd = "admpwd";
            String searchPath = "LDAP://ou=myou, dc=domain, dc=com";
            //Bind to the server and authenticate
            DirectoryEntry entry = new DirectoryEntry(searchPath, uName, pwd, AuthenticationTypes.Secure);
            //DirectoryEntry entry = new DirectoryEntry(searchPath);
            Object native = entry.NativeObject;

            //do a DirectorySearch
            DirectorySearcher mySearcher = new DirectorySearcher(entry);
            mySearcher.PropertiesToLoad.Add("sn");
            mySearcher.PropertiesToLoad.Add("givenName");
            mySearcher.PropertiesToLoad.Add("telephoneNumber");

            mySearcher.Filter = "(objectClass=user)";

            SearchResultCollection resEntAll = mySearcher.FindAll();

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:O6r5vcCWFHA.2692@TK2MSFTNGP15.phx.gbl...
> I'm not sure of any good articles or books (yet). MS has an article for
> forms auth with AD that I rarely recommend to people because I think it is
> pretty flawed, but you can look at it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;326340
>
> The next thing I'd try is using a utility like ldp.exe to try your searches
> there and see if you get similar results. Sometimes it is helpful to get
> the extra layers out of the way and test things in a UI.
>
> You might also try the contains method to verify whether the
> SearchResult.Properties has the attributes you want.
>
> Joe K.
>
> <dl> wrote in message news:Oo0qa6BWFHA.2128@TK2MSFTNGP15.phx.gbl...
> > Hi Joe
> > I just tried passing in the credentials with DirectoryEntry(strpath,
> > uName, pwd, AuthenticationTypes.Secure) but it is still giving me the
> > last name only!
> >
> > I guess I might have to revisit my whole dev setup for forms
> > authentication.
> > Is there a place / book I can look into about forms authentication with
> > AD in ASP.NET? I think I need to work out a checklist in each area.
> >
> > TIA
> >
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> > wrote in message news:e4ejkT9VFHA.3216@TK2MSFTNGP10.phx.gbl...
> >> The DirectoryEntry used for the SearchRoot object determines the
> >> security context that the search is performed with. It is possible that
> >> you are authenticating anonymously, and thus can't see many properties.
> >> You can verify this by passing in credentials to the DirectoryEntry
> >> before executing the search and seeing if you get different results. If
> >> so, that was the problem.
> >>
> >> If that is the problem, there are other ways to solve it than using a
> >> hard-coded service account, but it is the easiest way to verify the
> >> issue.
> >>
> >> Joe K.
> >>
> >> <dl> wrote in message news:%23kJpCn8VFHA.2768@tk2msftngp13.phx.gbl...
> >> > I did try to throw in the PropertiesToLoad lines; one for each
> >> > property that I was going to get. But that didn't make any difference.
> >> > Interestingly enough, the account I am using (to login via login.aspx)
> >> > to list this directory is the same as the one I used to create the
> >> > entries and the OU.
> >> > Do I need to pass on the credential (somewhere) to this page? Or do I
> >> > need to bind with the credential?
> >> > TIA
> >> >
> >> > Here is my code before the foreach statements ..
> >> >     String strPath = "LDAP://ou=" + txtOUName.Text + ",dc=domain,dc=com";
> >> >     //Bind to the OU
> >> >     DirectoryEntry myEnt = new DirectoryEntry(strPath);
> >> >
> >> >     //do a DirectorySearch
> >> >     DirectorySearcher mySearcher = new DirectorySearcher(myEnt);
> >> >     mySearcher.PropertiesToLoad.Add("sn");
> >> >     mySearcher.PropertiesToLoad.Add("givenName");
> >> >     mySearcher.PropertiesToLoad.Add("telephoneNumber");
> >> >
> >> >     mySearcher.Filter = "(objectClass=user)";
> >> >
> >> >     SearchResultCollection resEntAll = mySearcher.FindAll();
> >> >
> >> >
> >> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> >> > wrote in message news:uynwLa8VFHA.2692@TK2MSFTNGP15.phx.gbl...
> >> >> What did you put in to PropertiesToLoad? Also, it is possible that
> >> >> the security context you bound with only has rights to see a subset
> >> >> of the properties you requested.
> >> >>
> >> >> Those are my two best guesses given what you've told us.
> >> >>
> >> >> Joe K.
> >> >>
> >> >> <dl> wrote in message news:OCHzJf4VFHA.1148@tk2msftngp13.phx.gbl...
> >> >> > Hi
> >> >> > I have the following lines of code that are supposed to list some
> >> >> > selected properties of all the object entries in a SearchResult, but
> >> >> > the code is only listing one property, i.e. the 'sn' and the
> >> >> > corresponding value for all the entries. Do you have a clue why?
> >> >> > TIA
> >> >> > ----------------------
> >> >> > foreach (SearchResult resEnt in resEntAll)
> >> >> > {
> >> >> >     i++;
> >> >> >     dr = dt.NewRow();
> >> >> >     foreach (string propKy in resEnt.Properties.PropertyNames)
> >> >> >     {
> >> >> >         switch (propKy)
> >> >> >         {
> >> >> >             case "sn":
> >> >> >                 y = 0;
> >> >> >                 break;
> >> >> >             case "givenName":
> >> >> >                 y = 1;
> >> >> >                 break;
> >> >> >             case "telephoneNumber":
> >> >> >                 y = 2;
> >> >> >                 break;
> >> >> >             default:
> >> >> >                 y = 3;
> >> >> >                 break;
> >> >> >         }
> >> >> >         if (y < 3)
> >> >> >         {
> >> >> >             ResultPropertyValueCollection valco = resEnt.Properties[propKy];
> >> >> >             foreach (Object prop in valco)
> >> >> >             {
> >> >> >                 dr[y] = prop.ToString();
> >> >> >             }
> >> >> >         }
> >> >> >     }
> >> >> >     dt.Rows.Add(dr);
> >> >> > }

-- 
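The check suggested in the quoted replies (bind with explicit credentials, then test each result with Contains), written out as an added example that is not code from the thread or its participants. The path, the account name and the DIR_READ_PWD environment variable are placeholders assumed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class DirectoryReadCheck
{
    // Attributes requested in the thread.
    static readonly string[] Wanted = { "sn", "givenName", "telephoneNumber" };

    static void Main()
    {
        // Assumed placeholders: path, account, and an environment variable that
        // holds the password so it is not hard-coded in the page source.
        string path = "LDAP://ou=myou,dc=domain,dc=com";
        string user = @"DOMAIN\svc-dirread";
        string pwd = Environment.GetEnvironmentVariable("DIR_READ_PWD");
        if (string.IsNullOrEmpty(pwd)) { Console.Error.WriteLine("No password supplied."); return; }

        using (DirectoryEntry root = new DirectoryEntry(path, user, pwd, AuthenticationTypes.Secure))
        {
            try
            {
                // Force the bind now so bad credentials fail here, not inside FindAll().
                object native = root.NativeObject;
            }
            catch (COMException ex)
            {
                Console.Error.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
                return;
            }

            using (DirectorySearcher searcher = new DirectorySearcher(root, "(objectClass=user)", Wanted))
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    Console.WriteLine(r.Path);
                    foreach (string attr in Wanted)
                    {
                        // Contains and the indexer ignore case; the names enumerated by
                        // Properties.PropertyNames come back lowercased ("givenname").
                        if (r.Properties.Contains(attr))
                            Console.WriteLine("  {0} = {1}", attr, r.Properties[attr][0]);
                        else
                            Console.WriteLine("  {0}: not returned (unset, or not readable by this bind)", attr);
                    }
                }
            }
        }
    }
}
```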

