LDAP & VB.NET - Querying Active Directory

Question
-
User1392098406 posted
I have a VB.NET page that, when using the "view in browser" function, works great querying active directory through LDAP, however, when I post the page to our intranet, the query doesn't connect to LDAP. Would this be a setting in IIS, ASP.NET, or LDAP?
Here is the code:
** strUserName is passed by User.Identity.Name.ToString(). It is also displayed on the page so I at least know that part is functioning.
    Public Function GetEmailFromActDir(ByVal strUserName As String) As String
        Dim strEmailAddress As String
        Try
            ' Server and domain components are redacted in the original post.
            Dim strPath As String = "LDAP://****/DC=***,DC=***,DC=***"
            ' Drop the first four characters (the domain prefix) of the login name.
            Dim strUserIds As String = Mid(strUserName, 5, Len(strUserName))
            Dim objDirEntry As New System.DirectoryServices.DirectoryEntry(strPath)
            Dim objDirSearcher As New System.DirectoryServices.DirectorySearcher(objDirEntry)
            Dim objCollSearchResult As System.DirectoryServices.SearchResultCollection
            Dim objlSearchResult As System.DirectoryServices.SearchResult
            Dim objCollResultProperty As System.DirectoryServices.ResultPropertyCollection
            Dim objCollResultPropertyValue As System.DirectoryServices.ResultPropertyValueCollection

            objDirSearcher.Filter = "(&(objectClass=user)(anr=" & strUserIds & "))"
            objCollSearchResult = objDirSearcher.FindAll()

            Select Case objCollSearchResult.Count
                Case 0
                    strEmailAddress = ""
                Case Is > 1
                    Exit Function
                Case Is = 1
                    objlSearchResult = objCollSearchResult.Item(0)
                    objCollResultProperty = objlSearchResult.Properties
                    objCollResultPropertyValue = objCollResultProperty.Item("mail")
                    strEmailAddress = objCollResultPropertyValue.Item(0)
            End Select

            objDirEntry.Dispose()
            objDirSearcher.Dispose()
            objCollSearchResult.Dispose()
            objlSearchResult = Nothing
            objCollResultProperty = Nothing
            objCollResultPropertyValue = Nothing
        Catch ex As System.Exception
            ' The exception is swallowed here, so a failed bind or search
            ' only shows up as an empty return value.
            Dim strMess As String
            strMess = ex.Message
            strEmailAddress = ""
        End Try
        Return strEmailAddress
    End Function
Tuesday, July 7, 2009 5:27 PM
Answers
-
User-60558687 posted
What is the exception message you're getting?
It could be that the user account under which your site is running on your intranet does not have access to AD. When you right-click on the page and choose View in Browser, the site is running under the user running Visual Studio, which does have access to AD.
In any case, turn on impersonation from web.config.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Tuesday, July 7, 2009 6:25 PM
All replies
-
User1392098406 posted
It wasn't giving any exception message that I could see, it just wasn't querying AD. I think you're right about it running under the ASPNET account on the intranet, which does not have access to AD.
I added <identity impersonate="true" /> to the web.config file and it's working great.
Thanks for your help, it's much appreciated!
Wednesday, July 8, 2009 12:27 PM -
User2124896852 posted
Sorry to resurrect an old thread, but I'm having this exact same issue. (working on local PC, but not on intranet) Only, when I add the identity impersonate="true" to my web.config file and then try to view it via our intranet server, I get errors. Once I turn the custom errors mode to "Off" I see this:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[COMException (0x80072020): An operations error occurred.]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
   System.DirectoryServices.DirectorySearcher.FindOne() +47
   TestAutoLogon._Default.Page_Load(Object sender, EventArgs e) in C:\inetpub\TestAutoLogon\TestAutoLogon\TestAutoLogon\Default.aspx.vb:76
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +50
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
I apologize as this is my first attempt at querying Active Directory, so any help is appreciated. I have contacted our network guy to see if giving the user account on the intranet server access to AD could be the fix we need...
Tuesday, June 7, 2011 1:02 PM -
User-125547262 posted
The reason why it works on your local machine, especially if you are using the built-in web server, is because the code is running as you who has active directory. However, on the server it is running under a non-AD account. You can ask your admin to give you a service account and password and use that account's credentials for doing all AD queries in your application.
Tuesday, June 7, 2011 1:08 PM