Re: Problem in Accessing Active Directory from ASP.net
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Jun 2006 09:09:21 -0500
We cover this type of stuff in great detail in our book, but here are a few
pointers.

First, you may not need to use LDAP at all to get the user's groups. If you
are using Windows auth in IIS (IWA, Basic or Digest), then ASP.NET already
"knows" the user's groups via the WindowsIdentity and WindowsPrincipal objects
in Context.User. Just call IsInRole to access the Groups property.

If you really do need to access AD using the authenticated user's
credentials and you are using IWA for authentication, then you'll need to
enable Kerberos delegation. You also may need to provide a domain hint in
your path as serverless binding may not work the way you want to. Simply
put the DNS domain name in your path:

    LDAP://yourdomain.com/DC=yourdomain,DC=com

instead of

    LDAP://DC=yourdomain,DC=com

Getting Kerberos delegation working will likely be the more tricky part.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Maqsood Ahmed [MCAD .NET]" <Maqsood Ahmed [MCAD .NET]@discussions.microsoft.com> wrote in message
news:83414C48-4438-407E-A200-30F8F27D2C24@xxxxxxxxxxxxxxxx

Environment:
Windows XP, .NET/ASP .NET 2.0

I am developing an intranet application for my company. I want to use LDAP
to get the existing users of the company and allow them access according to
their roles. I have set identity impersonation = true and authentication mode
= "Windows" in the Web.config file of the application.

I get a COMException whenever I try to access LDAP objects using the
DirectoryEntry class. It only happens when I use it through IIS. It works
fine with ASP .NET Development Server. Please note that I am using serverless
binding.

The exception message is like the following:
System.Runtime.InteropServices.COMException (0x8007054B): The specified
domain either does not exist or could not be contacted.

[Code]
DirectoryEntry de = new DirectoryEntry();
string domainName = de.Name; //This line generates exception
[/Code]

I have also tried to assign a domain account as the Anonymous account for
the Virtual Directory, but it didn't help either.

Can any of you please let me know what I should do to get it
working? Should I always provide the domain name, username and password to
access the LDAP objects? Can't it be used via anonymous access?
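
As an added illustration of the reply above (not code from either poster or from the book it mentions): a C# helper for an ASP.NET 2.0 application that takes the user's groups from the Windows logon token in Context.User rather than from LDAP, and puts the domain name in the path when a directory bind is still required. The group name `YOURDOMAIN\IntranetAdmins` and the class and method names are hypothetical; `yourdomain.com` is the placeholder used in the reply.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;

public static class IntranetAuth
{
    // Hypothetical group name; replace with a real group in your domain.
    private const string AdminGroup = @"YOURDOMAIN\IntranetAdmins";

    // Path with the DNS domain name as a hint, instead of a serverless path.
    private const string DomainPath = "LDAP://yourdomain.com/DC=yourdomain,DC=com";

    // The principal IIS authenticated, or null when the request is anonymous.
    public static WindowsPrincipal CurrentPrincipal()
    {
        WindowsPrincipal p = HttpContext.Current.User as WindowsPrincipal;
        return (p != null && p.Identity.IsAuthenticated) ? p : null;
    }

    // Role check answered from the logon token: no LDAP bind, no delegation.
    public static bool IsAdmin()
    {
        WindowsPrincipal p = CurrentPrincipal();
        return p != null && p.IsInRole(AdminGroup);
    }

    // Group names from the token as DOMAIN\name; unresolvable SIDs stay as SID strings.
    public static List<string> GroupNames()
    {
        List<string> names = new List<string>();
        WindowsPrincipal p = CurrentPrincipal();
        if (p == null) return names;
        foreach (IdentityReference sid in ((WindowsIdentity)p.Identity).Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); }
        }
        return names;
    }

    // Binds as the thread's current (impersonated) identity; with IWA this
    // still depends on Kerberos delegation being configured.
    public static string DomainName()
    {
        using (DirectoryEntry de = new DirectoryEntry(DomainPath, null, null, AuthenticationTypes.Secure))
        {
            return de.Name;
        }
    }
}
```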