DotNetNewsgroup.com  
web access to complete list of Microsoft.NET newsgroups
   home   |   control panel login   |   archive  |  
 
  carried group
academic
adonet
aspnet
aspnet.announcements
aspnet.buildingcontrols
aspnet.caching
aspnet.datagridcontrol
aspnet.mobile
aspnet.security
aspnet.webcontrols
aspnet.webservices
assignment_manager
datatools
dotnet.distributed_apps
dotnet.general
dotnet.myservices
dotnet.nternationalization
dotnet.scripting
dotnet.security
dotnet.vjsharp
dotnet.vsa
dotnet.xml
dotnetfaqs
framework
framework.clr
framework.compactframework
framework.component_services
framework.controls
framework.databinding
framework.drawing
framework.enhancements
framework.interop
framework.odbcnet
framework.performance
framework.remoting
framework.sdk
framework.setup
framework.webservices
framework.windowsforms
framework.wmi
frwk.windowsforms.designtime
lang.csharp
lang.jscript
lang.vb
lang.vb.controls
lang.vb.data
lang.vb.upgrade
lang.vc
lang.vc.libraries
  
 
start date: Wed, 4 Jul 2007 16:56:19 +0200,    posted on: microsoft.public.dotnet.framework.aspnet.security        back       

Thread Index
  1    Magnus
          2    Joe Kaplan


Trying to retreive data from AD    
Hello,

I'm trying to get data from the AD via our intranet. It works on my local IIS server, but when running on a client I get the following message:

Source Error: 


Line 21:         ds.DirectoryEntry entry = new ds.DirectoryEntry("LDAP://CN=users,DC=skanska,DC=org");
Line 22:         ds.DirectorySearcher mySearcher = new ds.DirectorySearcher(entry);
Line 23:         ds.SearchResultCollection result = mySearcher.FindAll();
Line 24:         Response.Write(result.Count);
Line 25:         return; 


Source File: c:\Inetpub\wwwroot\myself\identificated\personaldata.aspx.cs    Line: 23 Stack Trace: 


[COMException (0x80072020): An operations error occurred.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) 
   System.DirectoryServices.DirectoryEntry.Bind() 
   System.DirectoryServices.DirectoryEntry.get_AdsObject() 
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) 
   System.DirectoryServices.DirectorySearcher.FindAll() 
   identificated_personaldata.Page_Load(Object sender, EventArgs e) in c:\Inetpub\wwwroot\myself\identificated\personaldata.aspx.cs:23
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) 
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) 
   System.Web.UI.Control.OnLoad(EventArgs e) 
   System.Web.UI.Control.LoadRecursive() 
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 흎
 


Also have the namespace as:
using ds=System.DirectoryServices;

skanska is the domain and org is the top domain (I think it's called)

And from the web.config:
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>

I am logged in as the same users both in the server and at the client.

Please help me.
Regards /Magnus
Date:Wed, 4 Jul 2007 16:56:19 +0200   Author:  

Re: Trying to retreive data from AD    
The operations error occurs on a bind operation when you failed to 
authenticate with the remote directory.  Given that you are impersonating, 
it looks like you are trying to use the identity of the authenticated user 
to bind to AD.  In a situation where you are using Windows authentication in 
ASP.NET and IIS, you are probably getting what is called a "double hop" 
issue.  This is solved by implementing Kerberos delegation.  The topic is 
well documented on TechNet and in these newsgroups, so a few searches should 
turn up ample documentation.

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Magnus"  wrote in message 
news:ukwLFvkvHHA.536@TK2MSFTNGP06.phx.gbl...
Hello,

I'm trying to get data from the AD via our intranet. It works on my local 
IIS server, but when running on a client I get the following message:

Source Error:


Line 21:         ds.DirectoryEntry entry = new 
ds.DirectoryEntry("LDAP://CN=users,DC=skanska,DC=org");
Line 22:         ds.DirectorySearcher mySearcher = new 
ds.DirectorySearcher(entry);
Line 23:         ds.SearchResultCollection result = mySearcher.FindAll();
Line 24:         Response.Write(result.Count);
Line 25:         return;


Source File: c:\Inetpub\wwwroot\myself\identificated\personaldata.aspx.cs 
Line: 23

Stack Trace:


[COMException (0x80072020): An operations error occurred.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +610
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean 
findMoreThanOne) +73
   System.DirectoryServices.DirectorySearcher.FindAll() +9
   identificated_personaldata.Page_Load(Object sender, EventArgs e) in 
c:\Inetpub\wwwroot\myself\identificated\personaldata.aspx.cs:23
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, 
Object t, EventArgs e) +15
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, 
EventArgs e) +34
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   System.Web.UI.Control.LoadRecursive() +47
   System.Web.UI.Page.ProcessRequestMain(Boolean 
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061



Also have the namespace as:
using ds=System.DirectoryServices;

skanska is the domain and org is the top domain (I think it's called)

And from the web.config:
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>

I am logged in as the same users both in the server and at the client.

Please help me.
Regards /Magnus
Date:Wed, 4 Jul 2007 10:37:30 -0500   Author:  

Google
 
Web dotnetnewsgroup.com


COPYRIGHT ?2005, EUROFRONT WORLDWIDE LTD., ALL RIGHT RESERVE  |   Contact us