Querying Active Directory Application Mode (ADAM)...

Brian McCullough

Hello,

I am trying to query ADAM using the ActiveDirectoryMembershipProvider in my
ASP.NET 2.0 application, but have been unsuccessful. I have followed the
steps in these blog posts, but still am not able to query ADAM. Every time
I make a call to login, using the Membership.ValidateUser method, I keep
getting a false value. I have tried many different variations of the
username including "localhost\myuseraccount", "myuseraccount@localhost",
and just "myuseraccount", but none seem to work.

http://erlend.oftedal.no/blog/?blogid=6

http://blogs.msdn.com/donovanf/arch...bershipprovider-for-forms-authentication.aspx

I tried to see if I could just get a list of users using the
Membership.GetAllUsers() method, but this is returning 0 user accounts
(although I have 2 set up in ADAM).

I took another step back and just tried using the classes in the
System.DirectoryServices namespace to try to enumerate the objects in ADAM.
Again I was unsuccessful. Because I re-read the articles explaining how to
do this several times, and made sure my code was a match, I tried to back up
yet again, and put the code in a WinForms application. IT WORKED! So my
question is, why does the following code work in a WinForms application, but
not an ASP.NET application????? (my guess is something to do with Code
Access Security):

using System;
using System.DirectoryServices;

int portNumber = 389; // put the correct port number here.
String serverName = "localhost"; // put the correct servername here.
String partitionDir = "OU=Users,O=TestDirectory"; // put the correct partition distinguished name.

// Bind to the partition and list the names of its immediate children.
DirectoryEntry ent = new DirectoryEntry("LDAP://" + serverName + ":" + portNumber.ToString() + "/" + partitionDir);
foreach (DirectoryEntry child in ent.Children)
{
    Console.WriteLine(child.Name);
}
 
Konstantinos Pantos

Have you tried <identity impersonate="true" /> in your web config file?
This means that the asp.net process that runs your web site will no longer
run under the Network Service account (Win2003) or ASPNET account in XP which
probably don't have access to your active directory, but with your credentials
(machine\user assuming you're using windows authentication <authentication
mode="Windows" />) which probably do have access to ADAM.
You could also have a look at http://blogs.msdn.com/alikl/archive...rough-physical-tiers-protocol-transition.aspx
where it investigates a scenario similar to your own.

HTH,

--
Konstantinos Pantos,
Software Engineer
Microsoft MVP [ASP.NET]
http://kostas.pantos.name
http://blog.pantos.name
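
An added example, not part of the thread and not code from either poster: a diagnostic that reports which Windows identity the calling code runs as and then binds to ADAM as that identity, so the WinForms and ASP.NET cases discussed above can be compared directly. The class name `AdamBindDiagnostics` and its `Describe` method are hypothetical; the LDAP path is the one from the original post.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

// Hypothetical helper (not from the thread): shows the identity the code runs
// as, then binds to ADAM with that identity and counts the visible children.
public static class AdamBindDiagnostics
{
    public static string Describe(string ldapPath)
    {
        StringBuilder report = new StringBuilder();

        // GetCurrent() is the effective identity: the impersonated user when
        // <identity impersonate="true" /> is active, otherwise the process
        // account (NETWORK SERVICE / ASPNET under IIS, the logged-on user in
        // a WinForms application). GetCurrent(true) returns null when the
        // thread is not impersonating.
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            report.AppendFormat("Effective identity : {0}\r\n", effective.Name);
            report.AppendFormat("Impersonating      : {0}\r\n", impersonated != null);
            report.AppendFormat("Token level        : {0}\r\n", effective.ImpersonationLevel);
        }
        try
        {
            // null user name and password with AuthenticationTypes.Secure binds
            // using the calling thread's security context, so the identity
            // reported above is the one ADAM evaluates its permissions against.
            using (DirectoryEntry root = new DirectoryEntry(
                ldapPath, null, null, AuthenticationTypes.Secure))
            {
                root.RefreshCache(); // force the bind here so a failure surfaces now
                int count = 0;
                foreach (DirectoryEntry child in root.Children)
                {
                    count++;
                    child.Dispose();
                }
                report.AppendFormat("Bind OK, {0} child object(s) visible\r\n", count);
            }
        }
        catch (COMException ex)
        {
            // Bind and search failures from ADSI arrive as COMException.
            report.AppendFormat("Bind failed: 0x{0:X8} {1}\r\n", ex.ErrorCode, ex.Message);
        }
        return report.ToString();
    }
}
```

Calling `AdamBindDiagnostics.Describe("LDAP://localhost:389/OU=Users,O=TestDirectory")` from both the WinForms application and an ASP.NET page shows whether the two are binding as different accounts.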
 
Brian McCullough

I have changed my Web.Config to impersonate my user account (which has
Administrator rights on the box), now I am not getting the COM Exception
errors I was getting before, but when I try to enumerate the children (same
code I originally posted), I am getting a 0 Count value... Sort of like I
get when I use the Membership.GetAllUsers() method to get all the users.

Is there something else I am missing to be able to get my ASP.NET
application working with ADAM?

TIA!




 
Guest


I have never used that ADAM but sounds like you have a security
problem.

What authentication mode do you have in your web.config and what
authentication method is defined in IIS (Properties - Directory
Security - Authentication Method)?
 
