LDAP works on Development Server but not on Windows Server 2008

  • Question

  • User-299267702 posted

    Hi,

    I'm working on a solution that requires getting the Windows authentication identity via ASP.NET. It works perfectly on the development server, as it retrieves my Windows identity.

    However, things turn around when it comes to the server side. I can't seem to find the problem.

    These are my settings,

    Server IIS 7.0

    Windows Authentication enabled

    Application Pool= Network Service

    Loaduserprofile is set to true.

    On the code side would be

    System.Threading.Thread.GetDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal)
    Dim pl As New WindowsPrincipal(System.Threading.Thread.CurrentPrincipal.Identity)

    Dim pr As New PrincipalContext(ContextType.Domain)
    Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pr, pl.Identity.Name)
    Dim cn As String = "The LDAP connection works"

    Dim dssearch As New System.DirectoryServices.DirectorySearcher
    Dim sresult As System.DirectoryServices.SearchResult
    Dim dresult As System.DirectoryServices.DirectoryEntry

    dssearch = New System.DirectoryServices.DirectorySearcher(cn)
    dssearch.Filter = "(userPrincipalName=" & up.UserPrincipalName & ")"
    sresult = dssearch.FindOne()
    dresult = sresult.GetDirectoryEntry()

    txt_givenname.Text = up.GivenName
    txt_lastname.Text = up.Surname
    txt_loginname.Text = pl.Identity.Name
    txt_email.Text = up.EmailAddress
    txt_department.Text = dresult.Properties("department").Value.ToString()


    Configuration check results:

    Configurations check is

    .NET version is: 2.0.50727.5466

    Identity is:

    Authentication is: False

    Application Pool Identity is: NT AUTHORITY\NETWORK SERVICE

    Identity Authentication Type is: Negotiate



    Error would be:

    The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:


    [ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.]
    System.DirectoryServices.ResultsEnumerator.MoveNext() +437089
    System.DirectoryServices.SearchResultCollection.get_InnerList() +162
    System.DirectoryServices.SearchResultCollection.get_Count() +9
    System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory) +2002
    System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate) +85
    System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +221
    System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) +81
    System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +42
    service_request_portal.contactus.LoadRequest() +200
    System.Web.UI.Control.OnLoad(EventArgs e) +132
    System.Web.UI.Control.LoadRecursive() +66
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

    From my side, it seems that the profile didn't load, but I'm plucking out my hair because of that issue.

    Can someone please enlighten me?

    Thank you!

    Wednesday, August 21, 2013 3:30 AM

Answers

  • User1508394307 posted

    Things to check

    1) what is set in the web.config, windows authentication?

    <authentication mode="Windows" />
    <authorization>
       <deny users="?"/>
    </authorization>
    <identity impersonate="false" />

    2) Is anonymous access in IIS disabled?
    3) Try HttpContext.Current.User instead of Thread.CurrentPrincipal

    dssearch.Filter = "(userPrincipalName=" & User.Identity.Name.Split("\".ToCharArray())(1) & ")"
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, August 21, 2013 2:14 PM
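
Added example, not part of the original thread or any poster's code: a VB.NET helper that reads the caller from HttpContext.Current.User, fails closed when the request is anonymous (the empty identity name behind the "search filter is invalid" error above), and escapes the account name before it goes into an LDAP filter. The module and function names are hypothetical, and matching on sAMAccountName is an assumption about the directory. It also assumes a domain-joined server whose application pool identity may query the directory.

```vb
Imports System.DirectoryServices
Imports System.Security
Imports System.Security.Principal
Imports System.Text
Imports System.Web
' Added example; module and function names are hypothetical.
Public Module CallerDirectoryLookup
    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Department of the authenticated caller, or Nothing if not set.
    Public Function GetCallerDepartment() As String
        Dim user As IPrincipal = HttpContext.Current.User
        ' An anonymous request has an empty Name; fail closed
        ' rather than sending an empty value to the directory search.
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated _
           OrElse String.IsNullOrEmpty(user.Identity.Name) Then
            Throw New SecurityException("Request is not authenticated.")
        End If

        ' Identity.Name is DOMAIN\account; keep the account part.
        Dim parts() As String = user.Identity.Name.Split("\"c)
        Dim account As String = parts(parts.Length - 1)

        Using searcher As New DirectorySearcher()
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" & _
                EscapeLdapFilterValue(account) & "))"
            searcher.PropertiesToLoad.Add("department")
            Dim result As SearchResult = searcher.FindOne()
            If result Is Nothing OrElse Not result.Properties.Contains("department") Then
                Return Nothing
            End If
            Return result.Properties("department")(0).ToString()
        End Using
    End Function
End Module
```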

All replies

  • User-299267702 posted

    When I replace pl.Identity.Name with my hardcoded identity name, it works and the application runs.

    So the issue is that I'm not getting the Identity.Name

    Wednesday, August 21, 2013 4:23 AM
  • User-299267702 posted

    Hi smirov,

    It now works.

    I'm missing

    <identity impersonate="false" />

    I thought impersonate is false by default? Because I remember my IIS ASP.NET Impersonation is disabled.

    Thanks!

    Wednesday, August 21, 2013 9:18 PM