AD and Deployment problem

  • Question

  • User-1257462448 posted

    Hi,

    I have developed a project where I use AD to authenticate users via a form. It's working fine when I build it from VS 2005, but when I deploy it to the server it's not working. I can authenticate users but I can't get the user's first and last name. I have the code below; if you can let me know what I'm doing wrong, I'll appreciate it.

    Imports System
    Imports System.Data
    Imports System.Text
    Imports System.Configuration
    Imports System.Collections
    Imports System.Web
    Imports System.Web.Security
    Imports System.Web.UI
    Imports System.Web.UI.WebControls
    Imports System.Web.UI.WebControls.Login
    Imports System.Web.UI.WebControls.WebParts
    Imports System.Web.UI.HtmlControls
    Imports System.DirectoryServices
    Imports System.Web.Security.ActiveDirectoryMembershipProvider

    Partial Class _Default
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

            'To retrieve list of all LDAP users
            Dim logonuser = User.Identity.Name
            Dim sServerName As String = "mail"
            'No credentials are passed, so the bind uses the identity the page runs as
            Dim oRoot As DirectoryEntry = New DirectoryEntry("LDAP://my ldap")
            Dim oSearcher As DirectorySearcher = New DirectorySearcher(oRoot)
            Dim oResults As SearchResultCollection
            Dim oResult As SearchResult

            Try
                oSearcher.PropertiesToLoad.Add("cn")
                'logonuser is concatenated into the filter unescaped
                oSearcher.Filter = ("(&(objectClass=user)(samaccountname=" & logonuser & "))")
                oResults = oSearcher.FindAll

                For Each oResult In oResults
                    'Label which displays current user's first and last name
                    Getname.Text = oResult.GetDirectoryEntry().Properties("cn").Value
                Next
            Catch
                'Empty Catch: any bind or search exception is swallowed and the label stays blank
            End Try

        End Sub

    End Class

    Thursday, October 19, 2006 1:33 PM

Answers

  • User-1257462448 posted

    Ryan Dunn sent me this post in directoryprogramming.net

    The issue is with your security credentials. Remember to ask yourself what your security context is when the application is running. If it is a local account (like ASPNET or NETWORK SERVICE) it doesn't have access to AD. To fix this, simply run the app under a domain identity.

    The easiest way is the app pool in IIS6 - just set the identity to a domain account (service account, not necessary to be admin in AD) and add that domain account to the IIS_WPG group on the local machine.  There are other techniques, but this one is pretty much the easiest.

    Ryan Dunn
    Extemporaneous Mumblings
    The .NET Developer's Guide to Directory Services Programming
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, October 23, 2006 1:11 PM

All replies

  • User-380787955 posted

    I am having the same problem. Our web server is IIS 5.0; since there is no app pool in IIS 5, is there another workaround?

    Thanks

    Thursday, November 2, 2006 7:33 PM
  • User-1257462448 posted

    There is no app pool in IIS 5.1 or 5, but there is an equivalent method that will work.  Simply set the Anonymous account for the vdir to be the domain service account and put <identity impersonate="true"/> in the web.config.  Assuming you have anonymous access enabled, it will use this account for unmanaged security context.

     

    Friday, December 1, 2006 2:39 PM
  • User1906119755 posted

    Ok, I have the same problem, but a different scenario. I have a web application developed in 2.0. The web config file is set up for Windows authentication and to impersonate. Then the application is set up on a web server with IIS 6.0. In IIS the application is set for Integrated Windows authentication and Digest Windows authentication. Anonymous access is turned off. The Active Directory server is separate from the web server, so I know that is causing a double hop issue between client --> web server --> AD server. However, I don't know how to fix it. I have an application pool set up for just this application and I tried changing the identity to a user account and adding that account to the IIS_WGM on the web server. That ended up making the application prompt the user for a username and password. Any suggestions for my situation?

    Wednesday, December 6, 2006 2:41 PM
  • User1906119755 posted
    Problem solved.  I changed the directory security of the aspx pages that specifically needed rights for the second hop.  I allowed anonymous access and specified a domain user.  That took care of the problem.
    Thursday, December 7, 2006 12:37 PM