Active Directory authentication

Hello. I am writing an application that uses Active Directory and needs to
grab user information. I pass user email addresses and get back a
userInfo structure with AD information. My issue is that for some users it
works, and for others it doesn't. I saw in my traces that in the failing
instances the authentication is 'negotiate' although I explicitly set it
to Windows under IIS.

Thanks
javabean260
 
If it's working for some users then the problem is probably in
security or in the code. Can you send an example of how you make the
request to AD?
 
Here is an example of how I am making a request to AD

// Fragment from GetCurrentUserInfo() (per the trace messages). fullUserName and
// session come from the enclosing code, which is not shown.
// Needs: using System; using System.Configuration; using System.DirectoryServices; using System.Web;
HttpContext.Current.Trace.Warn("BEGIN--> Utilities: GetCurrentUserInfo()");

SearchResult result = null;
UserInfo userInfo = null;
if (session[Constants.USER_INFO] != null)
{
    // Reuse the lookup cached in the session.
    userInfo = (UserInfo)session[Constants.USER_INFO];
}
else
{
    // Keep only the account part of DOMAIN\user.
    string[] tmpUserName = fullUserName.Split(new char[] { '\\' });
    string userName = tmpUserName[tmpUserName.Length - 1];

    // Bind to the configured LDAP root; no explicit credentials are passed here.
    DirectoryEntry directoryEntry = new DirectoryEntry(ConfigurationManager.AppSettings["LDAP_ROOT"]);
    HttpContext.Current.Trace.Warn("Ldap Root: " + ConfigurationManager.AppSettings["LDAP_ROOT"]);
    if (directoryEntry == null)
        HttpContext.Current.Trace.Warn("directoryEntry is null");
    else
        HttpContext.Current.Trace.Warn("directoryEntry created.");

    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
    if (directorySearcher == null)
        HttpContext.Current.Trace.Warn("directorySearcher is null");
    else
        HttpContext.Current.Trace.Warn("directorySearcher created.");

    // Attributes to return for the matching account.
    directorySearcher.PropertiesToLoad.Add("mail");
    directorySearcher.PropertiesToLoad.Add("givenName");
    directorySearcher.PropertiesToLoad.Add("sn");
    directorySearcher.PropertiesToLoad.Add("description");
    directorySearcher.PropertiesToLoad.Add("sAMAccountName");
    // The user name is concatenated into the filter as-is.
    directorySearcher.Filter = "sAMAccountName=" + userName;
    HttpContext.Current.Trace.Warn("properties added.");

    try
    {
        result = directorySearcher.FindOne();
    }
    catch (Exception exception)
    {
        HttpContext.Current.Trace.Warn("FindOne() bombed");
        HttpContext.Current.Trace.Warn(exception.StackTrace);
        HttpContext.Current.Trace.Warn("Exception message " + exception.Message);
    }

    // result is still null here if FindOne() threw or found nothing.
    userInfo = LoadUserInfo(result);
    if (userInfo != null)
    {
        session[Constants.USER_INFO] = userInfo;
    }
}
if (userInfo == null)
    HttpContext.Current.Trace.Warn("userInfo is null");

HttpContext.Current.Trace.Warn("END--> Utilities: GetCurrentUserInfo()");
return userInfo;
 
The code is correct, I think. What error did you get when it failed?
Maybe the problem is in the binding string, or these users have
different properties, I don't know...

When I have a problem with AD, I use LDAP Browser
(www.ldapbrowser.com). This tool helps to see the directory structure
using the same binding string and userid/password.
 