Failed forms authentication with LDAP

Discussion in 'ASP .Net Security' started by Lino Garcia, Sep 29, 2005.

  1. Lino Garcia

    Lino Garcia Guest

    Hi,
    I'm using the walkthrough described in
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp

    and I followed step by step.

    However, when I try with a valid AD account/password combination the code
    always throws an exception in the line


    Object obj = entry.NativeObject;

    The full exception message is:

    "System.Runtime.InteropServices.COMException (0x8007202B): A referral was
    returned from the server\r\n at
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at
    System.DirectoryServices.DirectoryEntry.Bind()\r\n at
    System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n at
    AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String
    username, String pwd) in
    c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"

    If I try with an invalid AD account/password, another exception arises:

    "System.Runtime.InteropServices.COMException (0x8007052E): Logon failure:
    unknown user name or bad password\r\n at
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at
    System.DirectoryServices.DirectoryEntry.Bind()\r\n at
    System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n at
    AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String
    username, String pwd) in
    c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"


    My environment is a development environment, AD in a Windows 2000 Server and
    my ASP.NET application running in XP Pro SP2 machine. The <processmodel>
    setting in machine.config is configured to : SYSTEM.
    The setting :
    <identity impersonate="true" />
    is present in my web.config file.

    The IIS virtual directory is configured as an IIS application with :

    -Execute Permissions : Script Only
    -Application Protection : Medium (Pooled)
    -Authentication Methods:
    * Anonymous Access, configured with a valid domain account. The MSDN article
    I mentioned does not specify if this account could be a domain or local
    account, just that it has to be a less privileged account.
    * Integrated Windows Authentication

    The code from the MSDN article was copied to a C# class type .NET project,
    which in turn is called by an ASP.NET web form which makes a project type
    reference to the class project.
    I've not tried the code from a windows form application however.

    Can somebody give me a hint about what's happening?

    Best regards.
    Lino Garcia, Sep 29, 2005
    #1
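
The two HRESULTs quoted in the post above are distinct conditions: 0x8007202B is HRESULT_FROM_WIN32(ERROR_DS_REFERRAL), meaning the server that answered does not hold the object named in the LDAP path, and 0x8007052E is ERROR_LOGON_FAILURE. The following is an added example, not code from the MSDN walkthrough or from the poster's project, showing a bind check that keeps the two apart so a directory-path problem is not logged as a bad password; the `LdapBindCheck` class, the `BindOutcome` enum and the sample path are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example: hypothetical names, not part of the MSDN walkthrough.
public enum BindOutcome { Success, BadCredentials, Referral, OtherFailure }

public static class LdapBindCheck
{
    // HRESULT_FROM_WIN32 values quoted in the two exception messages.
    private const int HrLogonFailure = unchecked((int)0x8007052E); // ERROR_LOGON_FAILURE (1326)
    private const int HrReferral     = unchecked((int)0x8007202B); // ERROR_DS_REFERRAL (8235)

    // ldapPath is an assumption, for example the constructed value
    // "LDAP://dc01.example.local/DC=example,DC=local".
    public static BindOutcome TryBind(string ldapPath, string domain,
                                      string username, string pwd)
    {
        string domainAndUsername = domain + @"\" + username;
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(
                ldapPath, domainAndUsername, pwd, AuthenticationTypes.Secure))
            {
                // Reading NativeObject forces the bind, as in the line that throws.
                object obj = entry.NativeObject;
                return BindOutcome.Success;
            }
        }
        catch (COMException ex)
        {
            // Only Success authenticates the user. The other outcomes should be
            // logged separately server-side and shown to the user as one
            // generic "login failed" message.
            switch (ex.ErrorCode)
            {
                case HrLogonFailure: return BindOutcome.BadCredentials;
                case HrReferral:     return BindOutcome.Referral; // check the DN/host in ldapPath
                default:             return BindOutcome.OtherFailure;
            }
        }
    }
}
```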

  2. Lino, are you still getting the error?
    Patrick

    "Lino Garcia" <Lino > wrote in message
    news:...
    > Hi,
    > I'm using the walkthrough described in
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp
    >
    > and I followed step by step.
    >
    > However, when I try with a valid AD account/password combination the code
    > always throws an exception in the line
    >
    >
    > Object obj = entry.NativeObject;
    >
    > The full exception message is:
    >
    > "System.Runtime.InteropServices.COMException (0x8007202B): A referral was
    > returned from the server\r\n at
    > System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at
    > System.DirectoryServices.DirectoryEntry.Bind()\r\n at
    > System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n at
    > AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String
    > username, String pwd) in
    > c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"
    >
    > If I try with an invalid AD account/password, another exception arises:
    >
    > "System.Runtime.InteropServices.COMException (0x8007052E): Logon failure:
    > unknown user name or bad password\r\n at
    > System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at
    > System.DirectoryServices.DirectoryEntry.Bind()\r\n at
    > System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n at
    > AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String
    > username, String pwd) in
    > c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"
    >
    >
    > My environment is a development environment, AD in a Windows 2000 Server and
    > my ASP.NET application running in XP Pro SP2 machine. The <processmodel>
    > setting in machine.config is configured to : SYSTEM.
    > The setting :
    > <identity impersonate="true" />
    > is present in my web.config file.
    >
    > The IIS virtual directory is configured as an IIS application with :
    >
    > -Execute Permissions : Script Only
    > -Application Protection : Medium (Pooled)
    > -Authentication Methods:
    > * Anonymous Access, configured with a valid domain account. The MSDN article
    > I mentioned does not specify if this account could be a domain or local
    > account, just that it has to be a less privileged account.
    > * Integrated Windows Authentication
    >
    > The code from the MSDN article was copied to a C# class type .NET project,
    > which in turn is called by an ASP.NET web form which makes a project type
    > reference to the class project.
    > I've not tried the code from a windows form application however.
    >
    > Can somebody give me a hint about what's happening?
    >
    > Best regards.
    >
    >
    Patrick.O.Ige, Oct 31, 2005
    #2