Thread: Adsi query requires impersonation *and* service account credentials?

Adsi query requires impersonation *and* service account credentials?
user name
2006-05-08 20:08:43
Greetings All,

I've got an asp.net v1.1 app that includes the following function, which translates a domain username into a full name:

' ========================================
' "sdi" is an alias for System.DirectoryServices; the alias line belongs at
' the top of the source file.
Imports sdi = System.DirectoryServices

   Public Function GetFullName(ByVal UserName As String) As String

      ' Serverless LDAP path; AD_USERNAME / AD_PASSWORD are the service account.
      Dim usr As New sdi.DirectoryEntry( _
         "LDAP://OU=prod, OU=GHCUsers, dc=ghcmaster, dc=ghc, dc=org", _
         AD_USERNAME, AD_PASSWORD)

      ' Bind with the service-account credentials; ServerBind as posted.
      usr.AuthenticationType = sdi.AuthenticationTypes.ServerBind

      Dim ds As New sdi.DirectorySearcher(usr)
      Try
         With ds
            .PropertiesToLoad.Add("GivenName")
            .PropertiesToLoad.Add("sn")
            ' Escape the caller-supplied value so it cannot add filter terms.
            .Filter = "(anr=" & EscapeLdapFilter(UserName) & ")"
         End With

         Dim sr As sdi.SearchResult = ds.FindOne()
         If sr Is Nothing Then
            Return ""
         Else
            ' Either attribute may be absent on a given object; read safely.
            Return FirstValue(sr, "GivenName") & " " & FirstValue(sr, "sn")
         End If
      Finally
         ' Release the COM-backed objects (no Using statement in VB 2003).
         ds.Dispose()
         usr.Dispose()
      End Try

   End Function

   ' RFC 4515 filter escaping: backslash must be replaced before the others.
   Private Function EscapeLdapFilter(ByVal value As String) As String
      Return value.Replace("\", "\5c").Replace("*", "\2a") _
                  .Replace("(", "\28").Replace(")", "\29") _
                  .Replace(vbNullChar, "\00")
   End Function

   ' First value of an attribute, or "" when the attribute was not returned.
   Private Function FirstValue(ByVal sr As sdi.SearchResult, ByVal attr As String) As String
      If sr.Properties.Contains(attr) AndAlso sr.Properties(attr).Count > 0 Then
         Return sr.Properties(attr)(0).ToString()
      End If
      Return ""
   End Function
' ========================================

Where AD_USERNAME and AD_PASSWORD are credentials for a service account created for the purpose of connecting to our Active Directory.

I expected that to work regardless of the user identity under which the asp.net process was running, since I'm passing explicit credentials to the AD.  But I'm finding that in order to get this to work, I've got to:
  - Disable anonymous logins on the 'directory security' tab of the virtual directory, AND
  - set <identity impersonate="true" /> in web.config.

If I leave out either of those steps, my function fails with the error "The specified domain either does not exist or could not be contacted" on the call to FindOne().  If I include both of those steps, and then leave out the domain credentials, it fails with the same error.

This has to be a misconfiguration somewhere, right?  I don't want my app to have to impersonate the browsing user...  Can anyone advise?

Thanks!

-Roy 

===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

Adsi query requires impersonation *and* service account credentials?
user name
2006-05-09 01:32:05
AuthenticationType = ServerBind is your problem.  I don't have my ADSI stuff with me, but changing that to a different type of authentication (can't remember which one) will allow it to only authenticate with the provided credentials.

Thanks,

Shawn Wildermuth
http://adoguy.com
C# MVP, MCSD.NET, Author and Speaker

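Shawn's reply points at AuthenticationType but does not name the alternative, so the following is an added example written by the editor, not code from Roy or Shawn. It assumes a domain controller reachable as dc1.ghcmaster.ghc.org (a hypothetical name; the thread names no server) and that AD_USERNAME / AD_PASSWORD are read from appSettings (the thread does not say where they live). The message Roy quotes is the text of Win32 error 1355, ERROR_NO_SUCH_DOMAIN, which ADSI raises when it cannot locate a domain controller. A serverless path such as LDAP://OU=prod,... leaves that lookup to the serverless-binding logic, which depends on the calling security context; that this is why the worker identity mattered is the editor's reading, not something the thread establishes. The example binds to a named server with AuthenticationTypes.Secure (Negotiate) so only the supplied credentials are used, forces the bind early so the failure is reported at the bind rather than inside FindOne(), and escapes the caller-supplied value before it is concatenated into the filter, as any string placed in an LDAP filter should be.

```vbnet
' Added example (editor's illustration, not Roy's or Shawn's code).
' Assumptions: dc1.ghcmaster.ghc.org is a reachable DC (hypothetical name),
' and AD_USERNAME / AD_PASSWORD are stored under appSettings in web.config.
Imports System
Imports System.Configuration
Imports System.Runtime.InteropServices
Imports sdi = System.DirectoryServices

Public Class DirectoryLookup

   ' HRESULT for Win32 error 1355 (ERROR_NO_SUCH_DOMAIN): the code behind
   ' "The specified domain either does not exist or could not be contacted".
   Private Const E_NO_SUCH_DOMAIN As Integer = &H8007054B

   ' Hypothetical server name; the thread does not name a DC.
   Private Const SEARCH_ROOT As String = _
      "LDAP://dc1.ghcmaster.ghc.org/OU=prod,OU=GHCUsers,DC=ghcmaster,DC=ghc,DC=org"

   ' Assumed location of the service-account credentials.
   Private Shared ReadOnly AD_USERNAME As String = ConfigurationSettings.AppSettings("AD_USERNAME")
   Private Shared ReadOnly AD_PASSWORD As String = ConfigurationSettings.AppSettings("AD_PASSWORD")

   ' RFC 4515 filter escaping; backslash must be replaced before the others.
   Private Shared Function EscapeLdapFilter(ByVal value As String) As String
      Return value.Replace("\", "\5c").Replace("*", "\2a") _
                  .Replace("(", "\28").Replace(")", "\29") _
                  .Replace(vbNullChar, "\00")
   End Function

   ' Bind to the named DC with the service account only. The server-qualified
   ' path avoids serverless DC location, and Secure (Negotiate) authenticates
   ' as the supplied credentials rather than the worker process token.
   Private Shared Function OpenSearchRoot() As sdi.DirectoryEntry
      Dim root As New sdi.DirectoryEntry(SEARCH_ROOT, AD_USERNAME, AD_PASSWORD, _
                                         sdi.AuthenticationTypes.Secure)
      ' Reading NativeObject performs the bind now, so a credential or
      ' locator problem surfaces here instead of inside FindOne().
      Dim probe As Object = root.NativeObject
      Return root
   End Function

   Public Shared Function GetFullName(ByVal userName As String) As String
      Dim root As sdi.DirectoryEntry = Nothing
      Dim ds As sdi.DirectorySearcher = Nothing
      Try
         root = OpenSearchRoot()
         ds = New sdi.DirectorySearcher(root)
         ds.SearchScope = sdi.SearchScope.Subtree
         ds.PropertiesToLoad.Add("givenName")
         ds.PropertiesToLoad.Add("sn")
         ' Match user objects by logon name; the caller-supplied value is escaped.
         ds.Filter = "(&(objectCategory=person)(objectClass=user)" & _
                     "(sAMAccountName=" & EscapeLdapFilter(userName) & "))"

         Dim sr As sdi.SearchResult = ds.FindOne()
         If sr Is Nothing Then Return ""
         Return FirstValue(sr, "givenName") & " " & FirstValue(sr, "sn")
      Catch ex As COMException When ex.ErrorCode = E_NO_SUCH_DOMAIN
         ' DC lookup failed: the server name did not resolve or respond, or the
         ' path fell back to serverless resolution under the process identity.
         Throw New ApplicationException( _
            "Domain controller lookup failed; check the server name in the " & _
            "LDAP path and DNS resolution from the web server", ex)
      Finally
         If Not ds Is Nothing Then ds.Dispose()
         If Not root Is Nothing Then root.Dispose()
      End Try
   End Function

   ' First value of an attribute, or "" when it was not returned.
   Private Shared Function FirstValue(ByVal sr As sdi.SearchResult, ByVal attr As String) As String
      If sr.Properties.Contains(attr) AndAlso sr.Properties(attr).Count > 0 Then
         Return sr.Properties(attr)(0).ToString()
      End If
      Return ""
   End Function

End Class
```

Once the bind is pinned to a named server and explicit credentials, the lookup no longer depends on who the browsing user is, which is the outcome Roy was after; whether anonymous access and impersonation stay on then becomes a choice for the rest of the application rather than a requirement of this function. Two caveats a practitioner would add: keep the service-account password out of plaintext web.config (DPAPI-protected storage, or at least tight NTFS permissions on the file), and give that account read-only rights scoped to the OU it searches, since any LDAP-injection or misuse of the lookup runs with its privileges.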