AD searches not running, not returning errors

  • Question

  • User2069208169 posted

    I am writing an application for my Firm to allow employees to submit their time sheets via our Intranet. I am writing the app using Visual Basic.Net 2003. The development platform is a Windows XP SP2 box. Both Dot Net Framework 1.1 and 2.0 are installed.

    When I run the project on my development computer, all is fine. Upon loading the ASPX page, the code gets the current user's name and then uses it to query AD to get the user's password, department, and manager. Then, using the distinguished name returned by AD when you get the manager, it queries the manager's AD account and gets his email address.

    I deployed the project to my development computer's web server and again, when I use the browser on the computer it runs fine. However, if I try to run the site on another computer, still using my credentials, the AD queries appear to not run. I say this because no errors are reported. However, some other VB.Net code on the form is running just fine (a calendar control).

    The web.config file has the   

    <identity impersonate="true" />
     
    statement, so the application should be using the credentials of the logged in user to query AD. Here is the code used to query AD:
     
        ' Requires "Imports System.DirectoryServices" at the top of the file.
        Public Shared Function GetUserInfo(ByVal inSAM As String, ByVal inType As String) As String
            ' Searches Active Directory for the user whose logon name (DOMAIN\user) is
            ' passed in, normally the impersonated caller of the page, and returns the
            ' first value of the attribute named by inType ("department", "manager", ...).
            ' Returns "Null" unless exactly one user matches.
            Dim myDirectory As DirectoryEntry = Nothing
            Dim mySearcher As DirectorySearcher = Nothing
            Dim mySearchResultColl As SearchResultCollection = Nothing
            ' Deliberately no Catch block: an access-denied or bind failure must reach
            ' the caller, otherwise the search looks as if it "did not run" with no error.
            Try
                Dim sPath As String = "LDAP://DC=Publicans,DC=com"
                ' Strip the "DOMAIN\" prefix (InStr is 0 when there is no backslash,
                ' in which case the whole string is kept).
                Dim SamAccount As String = Right(inSAM, Len(inSAM) - InStr(inSAM, "\"))
                ' No user name or password is supplied, so the bind uses the token of the
                ' current thread: the impersonated user under <identity impersonate="true" />.
                myDirectory = New DirectoryEntry(sPath)
                mySearcher = New DirectorySearcher(myDirectory)
                Dim mySearchResult As SearchResult
                Dim myResultPropColl As ResultPropertyCollection
                Dim myResultPropValueColl As ResultPropertyValueCollection
                ' Build the LDAP query. SamAccount comes from the authenticated logon name,
                ' not from user input, which is why it is concatenated in as-is.
                mySearcher.Filter = "(&(objectClass=user)(samaccountname=" & SamAccount & "))"
                mySearcher.PropertiesToLoad.Add(inType)
                mySearchResultColl = mySearcher.FindAll()
                ' Exactly one user is expected from the search result
                If mySearchResultColl.Count <> 1 Then
                    Return "Null"
                End If
                ' Get the search result from the collection
                mySearchResult = mySearchResultColl.Item(0)
                ' The properties collection holds the attribute values
                myResultPropColl = mySearchResult.Properties
                ' Retrieve the requested attribute, if the user has a value for it
                myResultPropValueColl = myResultPropColl.Item(inType)
                If myResultPropValueColl Is Nothing OrElse myResultPropValueColl.Count = 0 Then
                    Return "Null"
                End If
                Return CStr(myResultPropValueColl.Item(0))
            Finally
                ' Release the underlying ADSI handles whichever way the function exits
                If Not mySearchResultColl Is Nothing Then mySearchResultColl.Dispose()
                If Not mySearcher Is Nothing Then mySearcher.Dispose()
                If Not myDirectory Is Nothing Then myDirectory.Dispose()
            End Try
        End Function

    Can anyone help me to see what it is I've missed or done wrong?

    Thanks
    Nick

    Friday, January 5, 2007 5:38 PM

Answers

  • User1416329745 posted

    This computer is installed on a Native Active Directory network, with several Domain Controllers. All users have read-only access to AD.

    Then it is related to all the ACL (access control list) needed to run Asp.net and the extra steps needed to implement impersonation, which goes back to my advice about using Windows Authentication and creating Authorization sections with ACL. The Asp.net permissions and the extra impersonation requirements are covered below by Microsoft. Hope this helps.

    http://msdn.microsoft.com/en-us/library/kwzs111e.aspx

    http://msdn.microsoft.com/en-us/library/xh507fc5.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 8, 2007 1:37 PM
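The "Windows Authentication plus authorization section plus impersonation" setup this answer points at, written out as an added web.config example; it is not from the thread or from the linked Microsoft pages. The element names are the standard ASP.NET 1.1/2.0 ones, and the comments carry the ACL consequences a practitioner checks: the impersonated callers need NTFS read access to the application's content, while the ASP.NET process account keeps its own required ACLs (for example on Temporary ASP.NET Files) whether or not impersonation is on.

```xml
<!-- Added example (not from the thread): Windows Authentication, an
     authorization section and impersonation, as the answer recommends.
     Element names are standard ASP.NET 1.1/2.0. -->
<configuration>
  <system.web>
    <!-- IIS authenticates the browser user (Integrated Windows auth). -->
    <authentication mode="Windows" />

    <!-- Refuse anonymous callers. Without this an anonymous request is
         impersonated as the IIS anonymous account, a local account whose
         name matches no AD user, so the AD lookup quietly finds nothing. -->
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>

    <!-- Run each request as the authenticated caller. That caller then
         needs NTFS read access to the application's content; the ASP.NET
         process account still needs its own required ACLs (for example on
         Temporary ASP.NET Files) independent of impersonation. -->
    <identity impersonate="true" />

    <!-- RemoteOnly: a browser on the web server itself sees the real
         exception, remote browsers get the generic page. Never ship "Off". -->
    <customErrors mode="RemoteOnly" />
  </system.web>
</configuration>
```

One general caveat that the thread does not raise but that produces exactly the symptom in the question (works from a browser on the web server, silently finds nothing from another computer): when a remote browser authenticates to IIS with NTLM, the impersonated token is a network-logon token that the web server cannot by itself use to authenticate onward to a domain controller, so a DirectoryEntry bound with no explicit credentials can fail from a remote browser while working locally. Kerberos delegation, or binding with a dedicated low-privilege service account instead of the caller's token, is the usual way around that; whichever applies, the failure only becomes visible if the code does not swallow the exception.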

All replies

  • User1416329745 posted

    If your development platform is XP, where is the AD you are querying for results installed? The reason is there is no AD in XP because it is a desktop computer that can only take five concurrent users. And for your time sheet stuff you just need Windows Authentication with ACL (access control list) protected folders. Hope this helps.

    Saturday, January 6, 2007 1:27 AM
  • User2069208169 posted
    This computer is installed on a Native Active Directory network, with several Domain Controllers. All users have read-only access to AD.
    Monday, January 8, 2007 12:41 PM
  • User2069208169 posted

    I'm very new to all of this, and I had not seen this before. Thank you for all of your assistance. I'll get these steps implemented and let you know what happens.

     Nick

    Monday, January 8, 2007 2:09 PM
  • User2069208169 posted
    Adding the appropriate permissions has fixed the problem.  I really appreciate your help.
    Monday, January 8, 2007 3:22 PM
  • User1416329745 posted

    Adding the appropriate permissions has fixed the problem.  I really appreciate your help.

    I am glad I could help but it is Microsoft for telling me you need ACL(access control list) to be MCDBA.

    Monday, January 8, 2007 3:31 PM
  • User-644887396 posted

    Hi,

    I am using this code to get the username from my system and trying to send the username (extracted from domainname\username) as the samaccountname field, but it is not working; whenever I send the value by hardcoding it (samaccountname=joydeeps), it works fine.

    Please tell me what I should do.

    using System;
    using System.DirectoryServices;
    using System.Security.Principal;

    // ... inside a method body:
    WindowsIdentity wi = WindowsIdentity.GetCurrent();
    string logonName = wi.Name;                            // "DOMAIN\user"
    Console.WriteLine(logonName);

    string[] myString = logonName.Split(new char[] { '\\' });
    Console.WriteLine(myString[0]);                        // domain
    Console.WriteLine(myString[1]);                        // account name

    string temp = logonName.Substring(11);                 // not used below

    DirectoryEntry entry = new DirectoryEntry("LDAP://DC=aztec,DC=soft");
    DirectorySearcher searcher = new DirectorySearcher(entry);

    // As posted: the variable name sits inside the string literal, so the
    // filter looks for the literal text "myString[1]" rather than its value.
    searcher.Filter = "(&(objectCategory=person)(samaccountname=myString[1]))";
    // The hard-coded version that works:
    // searcher.Filter = "(&(objectCategory=person)(samaccountname=joydeeps))";

    Please help me.

    Sunday, April 15, 2007 10:03 AM
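The lookup that both Nick's GetUserInfo in the question and the last post are attempting, written out as one added C# example against System.DirectoryServices; it is not code from any of the posts. It assumes the naming context from the question (DC=Publicans,DC=com), the standard AD attribute names (sAMAccountName, department, manager, mail), and that the calling thread already carries the credentials that should be used (the impersonated browser user, or the ASP.NET process account without impersonation); the class and method names (AdLookup, EscapeFilterValue, SamFromLogonName, TryFindUser, FirstValue) are mine. Three things it does that the posted code does not: it escapes the account name before placing it in the filter (RFC 4515), so a name containing `*`, `(`, `)` or `\` cannot change the query; it binds to the manager's distinguished name directly instead of searching for it; and it lets a bind or search failure propagate, which is the error the empty Catch in the question hides.

```csharp
// Added example, not code from the thread. Assumes the question's naming
// context (DC=Publicans,DC=com) and standard AD attribute names.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

public static class AdLookup
{
    // Escape a value before embedding it in an LDAP search filter (RFC 4515).
    // Without this, '*', '(', ')', '\' or NUL in the value change the filter's
    // meaning instead of being matched literally.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // "DOMAIN\user" -> "user"; a bare account name is returned unchanged.
    public static string SamFromLogonName(string logonName)
    {
        int i = logonName.LastIndexOf('\\');
        return i < 0 ? logonName : logonName.Substring(i + 1);
    }

    // First string value of an attribute on a search result, or null.
    public static string FirstValue(SearchResult result, string attribute)
    {
        ResultPropertyValueCollection values = result.Properties[attribute];
        return (values == null || values.Count == 0) ? null : values[0] as string;
    }

    // Finds the single user with this sAMAccountName and copies out the two
    // attributes we need. False when there is no match or more than one.
    public static bool TryFindUser(DirectoryEntry root, string sam,
                                   out string department, out string managerDn)
    {
        department = null;
        managerDn = null;
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // The value is concatenated in (escaped), not written inside the literal.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(sam) + "))";
            searcher.PropertiesToLoad.Add("department");
            searcher.PropertiesToLoad.Add("manager");
            using (SearchResultCollection results = searcher.FindAll())
            {
                if (results.Count != 1) return false;   // none, or ambiguous
                department = FirstValue(results[0], "department");
                managerDn = FirstValue(results[0], "manager");
                return true;
            }
        }
    }

    public static void Main()
    {
        // Under <identity impersonate="true" /> this is the browser user;
        // without impersonation it is the ASP.NET process account.
        string sam = SamFromLogonName(WindowsIdentity.GetCurrent().Name);
        try
        {
            using (DirectoryEntry root = new DirectoryEntry("LDAP://DC=Publicans,DC=com"))
            {
                string department, managerDn;
                if (!TryFindUser(root, sam, out department, out managerDn))
                {
                    Console.WriteLine("no unique user for " + sam);
                    return;
                }
                string managerMail = null;
                if (managerDn != null)
                {
                    // 'manager' holds a distinguished name: bind to it directly instead
                    // of pasting it into another filter. A '/' inside a DN must be
                    // escaped in an ADsPath.
                    string path = "LDAP://" + managerDn.Replace("/", "\\/");
                    using (DirectoryEntry manager = new DirectoryEntry(path))
                    {
                        managerMail = manager.Properties["mail"].Value as string;
                    }
                }
                Console.WriteLine("{0}: department={1}, manager e-mail={2}",
                                  sam, department, managerMail);
            }
        }
        catch (COMException ex)
        {
            // Deliberately not swallowed: an access-denied or bind failure here is
            // the error the empty Catch in the question makes invisible.
            Console.Error.WriteLine("LDAP failure 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            throw;
        }
    }
}
```

On the last post's filter: `"(samaccountname=myString[1])"` searches for the literal text myString[1] because the variable name is inside the string; the concatenation in TryFindUser is the intended shape, and the escaping is what keeps that concatenation safe once the value is anything other than the caller's own authenticated name.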