LDAP lookup: fails on remote computers -- Please help

Discussion in 'ASP .Net' started by Jay, Apr 28, 2004.

  1. Jay

    Jay Guest

    I have a simple LDAP query (grabs all users from a particular AD group and
    populates a checkboxlist) that works perfectly fine on the development
    machine logged on locally as any user. When I access the website and run
    the query from a client however the query fails to run. Someone please
    help?

    Here's the code for the query (in CheckBoxListsFill sub):

    'Impersonate the Windows AD user running the application
    Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
    Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
    currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
    impersonationContext = currentWindowsIdentity.Impersonate()

    Try
        'Fill Approvers checkbox lists from AD LDAP
        'Get all users in the G_SCA_Change_Control_Approvers group
        Dim Approvers_entry As New DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca,DC=hin,DC=sk,DC=ca")
        Dim Approvers_result As String
        Dim entry As New DirectoryEntry("LDAP://SCA")
        Dim searcher As New DirectorySearcher(entry)
        Dim result As SearchResult
        Dim results As SearchResultCollection
        searcher.PropertiesToLoad.Add("samAccountName")

        'Get the members of the group
        For Each Approvers_result In Approvers_entry.Properties("member")
            'Reduce the member DN to the value of its first component (the CN)
            Approvers_result = Approvers_result.ToString.Split(",")(0)
            Approvers_result = Approvers_result.ToString.Split("=")(1)
            'Find the samAccountName of the current Approvers_result
            searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result & "))")
            result = searcher.FindOne
            'FindOne returns Nothing when no entry matches the filter
            If Not result Is Nothing Then
                cblApprovers.Items.Add(New ListItem(result.Properties("samAccountName")(0).ToString))
            End If
        Next

    Catch ex As Exception
        Response.Write(ex.Message)
    Finally
        'Always revert to the original identity, even if the query failed
        impersonationContext.Undo()
    End Try

    And here's the error message I get as any remote client running the web
    page:

    Source Error:

    An unhandled exception was generated during the execution of the
    current web request. Information regarding the origin and location of the
    exception can be identified using the exception stack trace below.

    Stack Trace:

    [COMException (0x80072020): An operations error occurred]
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
    System.DirectoryServices.DirectoryEntry.Bind() +10
    System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
    System.DirectoryServices.PropertyValueCollection.PopulateList() +234
    System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    +45
    Change_Request.frmNewRequest.CheckBoxListsFill() +210
    Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
    System.Web.UI.Control.OnLoad(EventArgs e) +67
    System.Web.UI.Control.LoadRecursive() +35
    System.Web.UI.Page.ProcessRequestMain() +731

    Like I said, any help in this would be very very much appreciated.

    Thanks in advance,

    Jason
     
    Jay, Apr 28, 2004
    #1

  2. Jay

    Natty Gur Guest

    Natty Gur, Apr 29, 2004
    #2

  3. Jay

    Jay Guest

    I've looked in the 'rights' section in user manager and nothing jumps out at
    me as to which right the aspnet user requires. I couldn't find anything on
    the provided link either. Could you be more specific please?

    Thanks again,

    Jay

    "Natty Gur" <> wrote in message
    news:...
    > Hi,
    >
    > As far as I know the default ASP.NET user doesn't have rights to access
    > remote LDAP. You need to set user with right permissions.
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
    >
    > Natty Gur[MVP]
    >
    > blog : http://weblogs.asp.net/ngur
    > Mobile: +972-(0)58-888377
     
    Jay, Apr 29, 2004
    #3
  4. Jay

    bruce barker Guest

    unless you are using digest (and have delegation turned on), credentials
    will not delegate. you will have to have your code impersonate a primary
    token with access to the ad.

    -- bruce (sqlwork.com)

     
    bruce barker, Apr 29, 2004
    #4
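
An added example, not part of any post in this thread: one way around the delegation problem described in the replies is to bind to the directory with explicit credentials for a low-privilege service account instead of relying on the impersonated browser identity. It swaps in an explicit-credential bind and a single memberOf search in place of the thread's impersonation and per-member lookups, and escapes the filter value. It assumes .NET Framework 2.0 or later; the appSettings keys LdapBindUser and LdapBindPassword are hypothetical names.

```vb
Imports System.Collections.Generic
Imports System.Configuration
Imports System.DirectoryServices
Imports System.Text

Public Module ApproverLookup
    ' Paths built from the group DN in the original post.
    Private Const DomainPath As String = "LDAP://DC=sca,DC=hin,DC=sk,DC=ca"
    Private Const GroupDn As String = "CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca,DC=hin,DC=sk,DC=ca"

    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Public Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Function GetApproverAccounts() As List(Of String)
        ' Hypothetical appSettings keys for a read-only service account (assumption).
        Dim bindUser As String = ConfigurationManager.AppSettings("LdapBindUser")
        Dim bindPassword As String = ConfigurationManager.AppSettings("LdapBindPassword")
        Dim accounts As New List(Of String)()
        ' Explicit credentials make ADSI authenticate to the domain controller
        ' itself instead of reusing the impersonated browser logon.
        Using root As New DirectoryEntry(DomainPath, bindUser, bindPassword, AuthenticationTypes.Secure)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(memberOf=" & EscapeFilterValue(GroupDn) & "))"
                searcher.PropertiesToLoad.Add("samAccountName")
                searcher.PageSize = 500
                Using results As SearchResultCollection = searcher.FindAll()
                    For Each result As SearchResult In results
                        ' Contacts match objectCategory=person but carry no samAccountName.
                        If result.Properties("samAccountName").Count > 0 Then
                            accounts.Add(result.Properties("samAccountName")(0).ToString())
                        End If
                    Next
                End Using
            End Using
        End Using
        Return accounts
    End Function
End Module
```

The memberOf filter returns direct members only, and the bind account needs no more than read access to the directory.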