Active Directory authentication

Discussion in 'ASP .Net' started by =?Utf-8?B?QlVCQkxFVEFMSzI2MA==?=, May 30, 2007.

  1. Hello. I am writing an application that uses Active Directory and needs to
    grab user information. I pass user email addresses and and get back a
    userInfo structure with AD information. My issue is that for some users it
    works, and others it doesn't. I saw in my traces that in the failing
    instances that the authentication is 'negotiate' although I explicitly set it
    to Windows under IIS.

    Thanks
    javabean260
    =?Utf-8?B?QlVCQkxFVEFMSzI2MA==?=, May 30, 2007
    #1
    1. Advertising

  2. On May 30, 8:01 pm, BUBBLETALK260
    <> wrote:
    > Hello. I am writing an application that uses Active Directory and needs to
    > grab user information. I pass user email addresses and and get back a
    > userInfo structure with AD information. My issue is that for some users it
    > works, and others it doesn't. I saw in my traces that in the failing
    > instances that the authentication is 'negotiate' although I explicitly set it
    > to Windows under IIS.


    If it's working for some users when the problem is probably in
    security or in the code. Can you send an example of how you make the
    request to AD?
    Alexey Smirnov, May 30, 2007
    #2
    1. Advertising

  3. Here is an example of how I am making a request to AD

    HttpContext.Current.Trace.Warn("BEGIN--> Utilities: GetCurrentUserInfo()");

    SearchResult result = null;
    UserInfo userInfo = null;
    if (session[Constants.USER_INFO] != null)
    {
    userInfo = (UserInfo)session[Constants.USER_INFO];
    }
    else
    {
    string[] tmpUserName = fullUserName.Split(new char[] { '\\'
    });
    string userName = tmpUserName[tmpUserName.Length - 1];

    DirectoryEntry directoryEntry = new
    DirectoryEntry(ConfigurationManager.AppSettings["LDAP_ROOT"]);
    HttpContext.Current.Trace.Warn("Ldap Root: " +
    ConfigurationManager.AppSettings["LDAP_ROOT"]);
    if (directoryEntry == null)
    HttpContext.Current.Trace.Warn("directoryEntry is null");
    else HttpContext.Current.Trace.Warn("directoryEntry
    created.");
    DirectorySearcher directorySearcher = new
    DirectorySearcher(directoryEntry);
    if (directorySearcher == null)
    HttpContext.Current.Trace.Warn("directorySearcher is null");
    else HttpContext.Current.Trace.Warn("directorySearcher
    created.");
    directorySearcher.PropertiesToLoad.Add("mail");
    directorySearcher.PropertiesToLoad.Add("givenName");
    directorySearcher.PropertiesToLoad.Add("sn");
    directorySearcher.PropertiesToLoad.Add("description");
    directorySearcher.PropertiesToLoad.Add("sAMAccountName");
    directorySearcher.Filter = "sAMAccountName=" + userName;
    HttpContext.Current.Trace.Warn("properties added.");

    try
    {
    result = directorySearcher.FindOne();
    }
    catch(Exception exception){
    HttpContext.Current.Trace.Warn("FindOne() bombed");
    HttpContext.Current.Trace.Warn(exception.StackTrace);
    HttpContext.Current.Trace.Warn("Exception message " +
    exception.Message);
    }

    userInfo = LoadUserInfo(result);
    if (userInfo != null)
    {
    session[Constants.USER_INFO] = userInfo;
    }
    }
    if (userInfo == null) HttpContext.Current.Trace.Warn("userInfo
    is null");

    HttpContext.Current.Trace.Warn("END--> Utilities:
    GetCurrentUserInfo()");
    return userInfo;
    --
    javabean260


    "Alexey Smirnov" wrote:

    > On May 30, 8:01 pm, BUBBLETALK260
    > <> wrote:
    > > Hello. I am writing an application that uses Active Directory and needs to
    > > grab user information. I pass user email addresses and and get back a
    > > userInfo structure with AD information. My issue is that for some users it
    > > works, and others it doesn't. I saw in my traces that in the failing
    > > instances that the authentication is 'negotiate' although I explicitly set it
    > > to Windows under IIS.

    >
    > If it's working for some users when the problem is probably in
    > security or in the code. Can you send an example of how you make the
    > request to AD?
    >
    >
    =?Utf-8?B?QlVCQkxFVEFMSzI2MA==?=, May 30, 2007
    #3
  4. On May 30, 9:06 pm, BUBBLETALK260
    <> wrote:
    > Here is an example of how I am making a request to AD
    >
    > HttpContext.Current.Trace.Warn("BEGIN--> Utilities: GetCurrentUserInfo()");
    >


    The code is correct, I think. What error did you get when it's failed?
    Maybe the problem is in the binding string, or these users have
    different properties, I don't know...

    When I have a problem with AD, I use LDAP Browser
    (www.ldapbrowser.com). This tool helps to see directory structure
    using the same binding string and userid/password
    Alexey Smirnov, May 31, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Micheal

    Authentication on Active Directory

    Micheal, Jul 1, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    380
    Micheal
    Jul 1, 2003
  2. techfuzz
    Replies:
    1
    Views:
    1,329
    Yan-Hong Huang[MSFT]
    Aug 12, 2003
  3. Marty Underwood

    Forms Authentication +Active Directory +Roles

    Marty Underwood, Oct 29, 2003, in forum: ASP .Net
    Replies:
    4
    Views:
    704
    Marty Underwood
    Oct 30, 2003
  4. - Steve -
    Replies:
    7
    Views:
    2,371
    - Steve -
    Jun 4, 2004
  5. ejcosta
    Replies:
    2
    Views:
    866
    Eurico Costa
    Oct 8, 2004
Loading...

Share This Page