LDAP & VB.NET - Querying Active Directory

  • Question

  • User1392098406 posted

    I have a VB.NET page that, when using the "view in browser" function, works great querying Active Directory through LDAP; however, when I post the page to our intranet, the query doesn't connect to LDAP. Would this be a setting in IIS, ASP.NET, or LDAP?

    Here is the code:

    ** strUserName is passed by User.Identity.Name.ToString().  It is also displayed on the page so I at least know that part is functioning. 

    Public Function GetEmailFromActDir(ByVal strUserName As String) As String
            ' Default to an empty string so every path returns a defined value.
            Dim strEmailAddress As String = ""
            Try
                ' Server and domain components are redacted in the original post.
                Dim strPath As String = "LDAP://****/DC=***,DC=***,DC=***"
                ' Drop the first four characters of the name (assumed to be the domain prefix).
                Dim strUserIds As String = Mid(strUserName, 5, Len(strUserName))
                ' No credentials are supplied, so the bind uses the identity the request runs under.
                Dim objDirEntry As New System.DirectoryServices.DirectoryEntry(strPath)
                Dim objDirSearcher As New System.DirectoryServices.DirectorySearcher(objDirEntry)
                Dim objCollSearchResult As System.DirectoryServices.SearchResultCollection
                Dim objlSearchResult As System.DirectoryServices.SearchResult
                Dim objCollResultProperty As System.DirectoryServices.ResultPropertyCollection
                Dim objCollResultPropertyValue As System.DirectoryServices.ResultPropertyValueCollection

                ' strUserIds is concatenated into the filter without escaping.
                objDirSearcher.Filter = "(&(objectClass=user)(anr=" & strUserIds & "))"
                objCollSearchResult = objDirSearcher.FindAll()

                Select Case objCollSearchResult.Count
                    Case 0
                        strEmailAddress = ""
                    Case Is > 1
                        ' More than one match is ambiguous: return no address.
                        strEmailAddress = ""
                    Case Is = 1
                        objlSearchResult = objCollSearchResult.Item(0)
                        objCollResultProperty = objlSearchResult.Properties
                        objCollResultPropertyValue = objCollResultProperty.Item("mail")
                        strEmailAddress = CStr(objCollResultPropertyValue.Item(0))
                End Select

                objDirEntry.Dispose()
                objDirSearcher.Dispose()
                objCollSearchResult.Dispose()
                objlSearchResult = Nothing
                objCollResultProperty = Nothing
                objCollResultPropertyValue = Nothing

            Catch ex As System.Exception

                ' The exception is swallowed here: a failed bind or search
                ' surfaces only as an empty return value.
                Dim strMess As String
                strMess = ex.Message
                strEmailAddress = ""

            End Try

            Return strEmailAddress

        End Function

    Tuesday, July 7, 2009 5:27 PM

Answers

  • User-60558687 posted

    What is the exception message you're getting?

    It could be that the user account under which your site is running on your intranet does not have access to AD. When you right-click on the page and View in Browser, the site is running under the user running Visual Studio, which does have access to AD.

    In any case, turn on impersonation from web.config.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, July 7, 2009 6:25 PM

All replies

  • User1392098406 posted

     It was giving any exception message that I could see, it just wasn't querying AD.  I think you're right about it running under the ASPNET account on the intranet, which does not have access to AD.

    I added <identity impersonate="true" /> to the web.config file and it's working great.

    Thanks for your help, it's much appreciated!

    Wednesday, July 8, 2009 12:27 PM
  • User2124896852 posted

    Sorry to resurrect an old thread, but I'm having this exact same issue (working on local PC, but not on intranet). Only, when I add the identity impersonate="true" to my web.config file and then try to view it via our intranet server, I get errors. Once I turn the custom errors mode to "Off" I see this:

    Description:
    An unhandled exception occurred during the execution of the current web
    request. Please review the stack trace for more information about the error and
    where it originated in the code.

    Exception Details:
    System.Runtime.InteropServices.COMException: An operations error
    occurred.


    Source Error:

    An unhandled exception was generated during the execution of the
    current web request. Information regarding the origin and location of the
    exception can be identified using the exception stack trace below.

    Stack Trace:

    [COMException (0x80072020): An operations error occurred.
    ]
       System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
       System.DirectoryServices.DirectoryEntry.Bind() +36
       System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
       System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
       System.DirectoryServices.DirectorySearcher.FindOne() +47
       TestAutoLogon._Default.Page_Load(Object sender, EventArgs e) in C:\inetpub\TestAutoLogon\TestAutoLogon\TestAutoLogon\Default.aspx.vb:76
       System.Web.UI.Control.OnLoad(EventArgs e) +99
       System.Web.UI.Control.LoadRecursive() +50
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
    

    I apologize as this is my first attempt at querying Active Directory, so any help is appreciated. I have contacted our network guy to see if giving the user account on the intranet server access to AD could be the fix we need...

    Tuesday, June 7, 2011 1:02 PM
  • User-125547262 posted

    The reason why it works on your local machine, especially if you are using the built-in web server, is because the code is running as you, who has Active Directory. However, on the server it is running under a non-AD account. You can ask your admin to give you a service account and password and use that account's credentials for doing all AD queries in your application.

    Tuesday, June 7, 2011 1:08 PM