D
David Moore
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END