Cross Domain Active Directory Authentication using PrincipalContext

  • Question

  • User148951339 posted

    We have a .net web application hosted at Rackspace. Some users need to be authenticated across an AD domain that is different from Rackspace.

    My code looks like this:

    using System.DirectoryServices.AccountManagement;

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, mydomain))
    {
        // validate the credentials
        ValidUser = pc.ValidateCredentials(UserName, Password);
    }
    //some code

    I am getting the error : LDAP server is unavailable. The server could not be contacted.

    Now I have tried the following versions for mydomain string with no luck:

    mydomain
    mydomain.org
    domainIPaddress 

    What is the issue here?

    Friday, June 6, 2014 11:53 AM

Answers

  • User-718146471 posted

    I think in this situation if LDAP is absolutely essential, you may need to consider a VPS (virtual private server). Generally, with internet authentication, we usually will use the in-built roles authentication that is part of asp.net and in some cases the newer ASP.NET Identity system which lets you tie into authentication schemes like Facebook, Google, etc. This may do what you need, again might do it:

    http://www.asp.net/identity

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, June 6, 2014 12:56 PM

All replies

  • User-718146471 posted

    I am not sure you can do that; the two AD forests do not have a trust relationship built and I sincerely doubt Rackspace is even using AD for web applications. Have you contacted their support to see if they indeed support that? Because you would need to create the trust relationship between them and open a firewall port to allow communication between both your AD and Rackspace.

    Friday, June 6, 2014 11:57 AM
  • User148951339 posted

    Thank you for a quick reply, bbcompent1. Rackspace says they do not support LDAP on the server. How do I authenticate users in such case?

    Friday, June 6, 2014 12:50 PM
  • User148951339 posted

    Well, after troubleshooting for some time, we were told that we were given a wrong ldap domain name! Also, looks like PrincipalContext only works against Active Directory. DirectoryEntry saved our day. Below is the code that worked:

    using System.DirectoryServices;

    try
    {
        //domainName is something like ldap.abc.com, UserName is domain\username
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + domainName,
            UserName, Password, AuthenticationTypes.Secure);
        // reading NativeObject forces the bind; it throws if the server rejects the credentials
        object nativeObject = entry.NativeObject;
        //some code
    }
    catch (System.Runtime.InteropServices.COMException e)
    {
        //do something
    }

    Thank you, bbcompent1 for your input.

    Tuesday, June 10, 2014 1:56 PM
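    The post above stops at "catch COMException, do something", which leaves the caller unable to tell a wrong password from an unreachable server (the original "LDAP server is unavailable" symptom). The example below is added here and is not the poster's code: it wraps both approaches from the thread, the DirectoryEntry bind and PrincipalContext.ValidateCredentials, so that each returns a three-way result. The host name, the `DOMAIN\user` form and the `LdapCredentialValidator` class name are assumptions for illustration; the two HRESULT values are the standard Win32 codes for logon failure (0x8007052E) and server-not-operational (0x8007203A).

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

// Added example, not code from the forum thread. Host names and account
// formats are placeholders; adjust to the directory you actually bind to.
public enum CredentialCheckResult { Valid, InvalidCredentials, ServerUnreachable }

public static class LdapCredentialValidator
{
    // DirectoryEntry approach: the bind happens when NativeObject is read. The
    // COMException is mapped to a result so "wrong password" and "server down"
    // are distinguishable, which matters both for the user and for detection
    // (a burst of InvalidCredentials looks very different from ServerUnreachable).
    public static CredentialCheckResult ValidateWithDirectoryEntry(
        string host, string userName, string password)
    {
        // Some LDAP servers treat an empty password as an unauthenticated bind,
        // which would make the check succeed for any user name; refuse it early.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return CredentialCheckResult.InvalidCredentials;

        try
        {
            // Secure = Negotiate (Kerberos/NTLM) rather than a clear-text simple bind;
            // Sealing additionally encrypts the LDAP traffic after the bind.
            using (var entry = new DirectoryEntry("LDAP://" + host, userName, password,
                       AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
            {
                object native = entry.NativeObject; // forces the bind
                return CredentialCheckResult.Valid;
            }
        }
        catch (COMException ex)
        {
            switch (unchecked((uint)ex.ErrorCode))
            {
                case 0x8007052E: // ERROR_LOGON_FAILURE: bad user name or password
                    return CredentialCheckResult.InvalidCredentials;
                case 0x8007203A: // ERROR_DS_SERVER_DOWN: nothing answered on the LDAP port
                    return CredentialCheckResult.ServerUnreachable;
                default:
                    throw; // unexpected failure: never treat it as a successful logon
            }
        }
    }

    // PrincipalContext approach from the original question, with the server name
    // given explicitly and the same secure-binding options.
    public static CredentialCheckResult ValidateWithPrincipalContext(
        string server, string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return CredentialCheckResult.InvalidCredentials;

        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, server))
            {
                bool ok = pc.ValidateCredentials(userName, password,
                    ContextOptions.Negotiate | ContextOptions.Sealing);
                return ok ? CredentialCheckResult.Valid
                          : CredentialCheckResult.InvalidCredentials;
            }
        }
        catch (PrincipalServerDownException)
        {
            // This is the exception behind "The LDAP server is unavailable."
            return CredentialCheckResult.ServerUnreachable;
        }
    }

    public static void Main()
    {
        // Placeholder values; replace with a real host and a test account.
        var result = ValidateWithDirectoryEntry("ldap.example.org",
            @"EXAMPLE\testuser", "placeholder-password");
        Console.WriteLine(result);
    }
}
```

    When the result is ServerUnreachable, the first things to check are the ones the thread itself ran into: whether the name resolves to a host that actually listens on the LDAP port (389, or 636 for LDAPS) from the web server's network, and whether the hosting provider exposes LDAP at all. Log the result category and the user name, never the password, and rate-limit repeated InvalidCredentials results per account so that the validation endpoint cannot be used to guess passwords against the directory.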
  • User-718146471 posted

    Well glad to hear it worked out for you in the end :)

    Tuesday, June 10, 2014 2:00 PM