connecting problem in vb.net with ldap to active directory

  • Question

  • I am upgrading our servers and .NET application from Windows 2000 to the newly purchased Windows 2012 R2 servers. There is one function which works in Windows 2000 but doesn't work in Windows 2012 R2.

    I am running a .NET 2.0 internal application in Windows 2000 and IIS 5.0 using Visual Studio Professional 2015. There is one function in this application which makes a function call to an AD server using LDAP to check the login ID and password in Active Directory. It was running perfectly fine before. However, once I upgraded to this new Windows 2012 R2 server running .NET 2.0, it doesn't work. The function in the application is not able to get authorization in Active Directory. The function is as below:

                Private Function IsAuthenticatedByAD(ByVal sUid As String, ByVal sPwd As String) As Boolean

                Dim direntRoot As DirectoryEntry, direntUsr As DirectoryEntry
                Dim sDomain As String, sDomainAndUid As String
                Dim dirsrchUsr As DirectorySearcher, oNative As Object

                direntRoot = New DirectoryEntry("LDAP://rootDSE")
                sDomain = direntRoot.Properties("DefaultNamingContext")(0)

                sDomainAndUid = String.Format("{0}\{1}", sDomain, sUid)
                direntUsr = New DirectoryEntry(direntRoot.Path, sDomainAndUid, sPwd)

                Try
                    oNative = direntUsr.NativeObject
                Catch ex As Exception
                    Return False
                End Try

                Return True

                End Function


    The username exists in AD and the password is correct for sure. I received an error message in the "Try" section when running oNative = ....
    The error message is as below:

    "System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The user name or password is incorrect." & vbCrLf & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)" & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.Bind()" & vbCrLf & "   at System.DirectoryServices.DirectoryEntry.get_NativeObject()" & vbCrLf & "   at ums.business.UsrMgmtBus.IsAuthenticatedByAD(String sUid, String sPwd) in C:\inetpub\wwwroot\ums\business\UsrMgmtBus.vb:line 127"

    Please help. Thanks a lot.
    Monday, September 26, 2016 10:19 AM

Answers

  • Hi, 

    Thanks. I have tried your code and still got an error. I believe something is misconfigured in the new server running Windows 2012 R2. I have selected the application running with .NET 2.0 classic and 32-bit mode. Really desperate. Can you think of anything from the server side?


    Well if there is an issue with the Windows Server 2012 r2 configuration perhaps rather than display code you should describe the issue you are having with your program in that it works for Windows 2000 but not Windows Server 2012 r2 in one of these two forums Windows Server 2012 General or Windows Server 2012 Essentials but not both just because you want an answer. I don't know what the Essentials forum is for.

    Maybe in one of those forums somebody will know why a program that could do something on Windows 2000 can not on Windows Server 2012 r2.


    La vida loca

    Tuesday, September 27, 2016 5:51 PM

All replies

  • Well if the issue has nothing to do with the configuration of the Windows Server 2012 r2 regarding LDAP and Directory Services or Security or something else misconfigured causing the issue I have no idea.

    Active Directory Lightweight Directory Services Overview - Updated: February 29, 2012 - Applies To: Windows Server 2012

    However at this link in C# Howto: (Almost) Everything In Active Directory via C# (from 2008) I found code converted to VB.Net using Telerik. It is the code, below your code, in the code window below. It seems much different from your code. Whether it will work or not or if it does the same thing your code does I don't know that either.

    My suspicion would be the Windows Server 2012 r2 system is not configured correctly somewhere.

    ' Below code is your code.
    
    
                Private Function IsAuthenticatedByAD(ByVal sUid As String, ByVal sPwd As String) As Boolean
    
                 Dim direntRoot As DirectoryEntry, direntUsr As DirectoryEntry
                 Dim sDomain As String, sDomainAndUid As String
                 Dim dirsrchUsr As DirectorySearcher, oNative As Object
    
                 direntRoot = New DirectoryEntry("LDAP://rootDSE")
                 sDomain = direntRoot.Properties("DefaultNamingContext")(0)
    
                 sDomainAndUid = String.Format("{0}\{1}", sDomain, sUid)
                 direntUsr = New DirectoryEntry(direntRoot.Path, sDomainAndUid, sPwd)
    
                 Try
                     oNative = direntUsr.NativeObject
                 Catch ex As Exception
                     Return False
                 End Try
    
                 Return True
    
                 End Function
    
    
    ' Below code converted from C# to VB.Net from link provided.
    
    
    Private Function Authenticate(userName As String, password As String, domain As String) As Boolean
    	Dim authentic As Boolean = False
    	Try
    		Dim entry As New DirectoryEntry(Convert.ToString("LDAP://") & domain, userName, password)
    		Dim nativeObject As Object = entry.NativeObject
    		authentic = True
    	Catch generatedExceptionName As DirectoryServicesCOMException
    	End Try
    	Return authentic
    End Function


    La vida loca

    • Edited by Mr. Monkeyboy Monday, September 26, 2016 5:06 PM
    • Proposed as answer by Neda Zhang Tuesday, September 27, 2016 2:10 AM
    Monday, September 26, 2016 5:03 PM
  • Thanks for your advice. I will check and try. Cheers.
    Tuesday, September 27, 2016 1:28 AM
  • Hi, 

    Thanks. I have tried your code and still got an error. I believe something is misconfigured in the new server running Windows 2012 R2. I have selected the application running with .NET 2.0 classic and 32-bit mode. Really desperate. Can you think of anything from the server side?


    Tuesday, September 27, 2016 9:28 AM
  • Try using System.DirectoryServices.AccountManagement instead. Keep it simple at first to troubleshoot:

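            ' Needs a project reference to System.DirectoryServices.AccountManagement (.NET 3.5 or later).
            Dim isValid As Boolean = False

            Try
                ' ContextType.Domain with no name uses the domain of the account the code runs under.
                Using principalContextObject As New PrincipalContext(System.DirectoryServices.AccountManagement.ContextType.Domain)
                    ' userID and password are the values entered by the user.
                    isValid = principalContextObject.ValidateCredentials(userID, password)
                End Using
            Catch ex As Exception
                '...
            End Try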


    Paul ~~~~ Microsoft MVP (Visual Basic)

    Wednesday, September 28, 2016 1:28 PM
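
Added example, not code from any poster in this thread: a bind check that reports a rejected logon (the 0x8007052E in the stack trace above) separately from other directory errors, instead of turning every exception into False. The names AdBindResult, AdBindCheck, DnsDomainFromNamingContext and CheckCredentials are hypothetical, and it assumes the logon name plus the domain's DNS name is accepted as a user principal name.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Public Enum AdBindResult
    Authenticated
    BadCredentials
    DirectoryError
End Enum

Public Module AdBindCheck
    ' HRESULT for ERROR_LOGON_FAILURE, the code shown in the stack trace in the question.
    Private Const LogonFailure As Integer = &H8007052E

    ' defaultNamingContext is a distinguished name: "DC=corp,DC=example,DC=com" -> "corp.example.com".
    Public Function DnsDomainFromNamingContext(ByVal namingContext As String) As String
        Dim labels As New List(Of String)
        For Each rdn As String In namingContext.Split(","c)
            Dim part As String = rdn.Trim()
            If part.StartsWith("DC=", StringComparison.OrdinalIgnoreCase) Then
                labels.Add(part.Substring(3))
            End If
        Next
        Return String.Join(".", labels.ToArray())
    End Function

    Public Function CheckCredentials(ByVal userId As String, ByVal password As String) As AdBindResult
        ' A Nothing user name or password makes DirectoryEntry bind as the process identity; reject blanks too.
        If String.IsNullOrEmpty(userId) OrElse String.IsNullOrEmpty(password) Then Return AdBindResult.BadCredentials
        Try
            Dim namingContext As String
            Using rootDse As New DirectoryEntry("LDAP://RootDSE")
                namingContext = CStr(rootDse.Properties("defaultNamingContext").Value)
            End Using
            ' Assumption: userId@<DNS domain> is a valid logon name for the account.
            Dim upn As String = userId & "@" & DnsDomainFromNamingContext(namingContext)
            Using entry As New DirectoryEntry("LDAP://" & namingContext, upn, password, AuthenticationTypes.Secure)
                Dim native As Object = entry.NativeObject ' reading NativeObject forces the bind
            End Using
            Return AdBindResult.Authenticated
        Catch ex As DirectoryServicesCOMException When ex.ErrorCode = LogonFailure
            Return AdBindResult.BadCredentials
        Catch ex As COMException
            ' Anything else (server unreachable, referral, policy) is a directory or configuration fault.
            Return AdBindResult.DirectoryError
        End Try
    End Function
End Module
```

Logging the DirectoryError case with its ErrorCode separates a server-side or configuration fault from a credential the directory actually rejected.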