Re: problem accessing ActiveDirectory through Mozilla Firefox
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 18 Jun 2006 09:38:12 -0500
Your code is impersonating the logged on user and using that security
context to access AD. As such, you are making an assumption that the
security context of the authenticated user can be delegated to AD on a
remote machine.
My guess is that you are getting Kerberos authentication with IE, but
getting NTLM with Firefox. Unless protocol transition is enabled for the
service account (and your domain is 2003 and your web server is 2003 as
well), you'll need Kerberos authentication to make this work.
It should also work if you switch to basic authentication, but then you
won't get SSO.
If you enable logon event auditing on the web server, you should see
something like this in the security event log. You can also look at the
headers sent back and forth by the browsers using a tool like IE HTTP
Headers for IE or the built-in logging feature in Firefox. If you look at
the www-authenticate and authorization headers, you should notice that they
look different for each browser.
Note also that if you don't need to access AD with the authenticated user's
credentials, you can just use a service account on the web server to do the
same thing (a trusted subsystem architecture). This depends on the app you
are building though.
In your code, you really should be searching using the sAMAccountName
attribute if you want to find users using the name supplied by
Context.User.Identity. Additionally, you should add displayName to the
PropertiesToLoad property of the DirectorySearcher and read its value
directly from the SearchResult object. Calling GetDirectoryEntry is
redundant and unnecessary.
You can find a lot more info on this type of stuff in my book if you are
interested.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"krisshnaprabhu" <krisshnaprabhu.29jro3@xxxxxxxxxxxxxxxxxxxxx> wrote in
message news:krisshnaprabhu.29jro3@xxxxxxxxxxxxxxxxxxxxxxxx
Hi all,
Using the following code I am able to retrieve the user
"DisplayName" from Active Directory with IE. If I run the same
application with Mozilla Firefox, I get the message "An operations
error occurred". My requirement is that my application should run
in these two browsers on Windows and in Safari on Mac. I don't know what to
do, please help me.
Code Used:
=========
string dispname="";
//Context.User.Identity.Name
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext = ((System.Security.Principal.WindowsIdentity)this.Page.User.Identity).Impersonate();
// Put user code to initialize the page here
DirectoryEntry entry = new DirectoryEntry("LDAP://ECWEB.local");
DirectorySearcher dSearch = new DirectorySearcher(entry);
String Name = this.Page.User.Identity.Name;
Name=Name.Substring(Name.LastIndexOf(@"\")+1);
//String Name="krishnaprabhu";// name
Name="tinna";
dSearch.Filter = "(&(objectClass=user)(givenName=" + Name + "))";
DirectoryEntry result = dSearch.FindOne().GetDirectoryEntry();
string name = result.Properties["displayName"].Value.ToString();
Literal1.Text = dispname;
impersonationContext.Undo();
--
krisshnaprabhu
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------
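Added example, not part of the original thread or of the book mentioned in it: one way to apply the search advice from the reply above (filter on sAMAccountName, load displayName through PropertiesToLoad, read it from the SearchResult without calling GetDirectoryEntry). The class name, method name and the EscapeFilterValue helper are assumptions made for illustration; the code does not change the Kerberos/NTLM delegation requirement the reply describes.

```csharp
using System;
using System.DirectoryServices;   // requires a reference to System.DirectoryServices.dll
using System.Security.Principal;
using System.Text;

public static class DisplayNameLookup   // hypothetical name, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so a
    // name containing * ( ) \ or NUL cannot change the meaning of the filter.
    static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns displayName for the authenticated user, or null if no match.
    // Example call: Find((WindowsIdentity)Page.User.Identity, "LDAP://ECWEB.local")
    public static string Find(WindowsIdentity identity, string ldapPath)
    {
        string name = identity.Name;   // "DOMAIN\user" -> "user"
        string account = name.Substring(name.LastIndexOf('\\') + 1);
        WindowsImpersonationContext ctx = identity.Impersonate();
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(ldapPath))
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectClass=user)(sAMAccountName="
                                  + EscapeFilterValue(account) + "))";
                searcher.PropertiesToLoad.Add("displayName");   // fetch only this attribute
                SearchResult result = searcher.FindOne();
                // Properties[...] is null for an attribute that was not returned.
                if (result == null || !result.Properties.Contains("displayName")) return null;
                return (string)result.Properties["displayName"][0];
            }
        }
        finally { ctx.Undo(); }   // always revert impersonation, even if the search throws
    }
}
```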