calling ADSI objects from Web Application

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: johnny (johnny_at_discussions.microsoft.com)
Date: 01/28/05 

Date: Fri, 28 Jan 2005 01:15:02 -0800

Hello, I got this weird problem. I have an intranet application that needs to
communicate with Active directory. Authentication to Web application is done
by means of active directory accounts.

Now I have this code:

DirectoryEntry objDomain = new DirectoryEntry("LDAP://rootDse");
string domain = objDomain.Properties["defaultNamingContext"].Value.ToString();
DirectorySearcher ds = new DirectorySearcher();
ds.SearchRoot = new DirectoryEntry(string.Format("LDAP://{0}",domain));
ds.Filter = "(&(objectClass=group)(sAMAccountName=group_name))";
ds.SearchScope = SearchScope.Subtree;
SearchResult res = ds.FindOne();

When I run the application from any computer and authenticate as a user with
domain administrator privilige, everything works fine. When I authenticate as
a normal user application fail at line
SearchResult res = ds.FindOne();
throwing this exception:

Text: An operations error occurred
Exception Details: System.Runtime.InteropServices.COMException: An
operations error occurred
Stack Trace:
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
   System.DirectoryServices.DirectoryEntry.Bind() +10
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean
findMoreThanOne) +198
   System.DirectoryServices.DirectorySearcher.FindOne() +31

To remind: This bunch of code is called from a library that is inside GAC to
assert it's not consindered as partially trusted code.

I have no idea, where the problem could be. As a first thing I thought the
user doesn't have a privilige to communicate to AD, so I took this piece of
code and put it into a Windows application and run as a normal user. It
worked ok.

Can anybody have any idea what I should do? I'd be very grateful. Thanks in
advance.

Relevant Pages

  • calling ADSI objects from WebApplication
    ... communicate with Active directory. ... by means of active directory accounts. ... When I authenticate as ... code and put it into a Windows application and run as a normal user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • calling ADSI from WebApp
    ... communicate with Active directory. ... by means of active directory accounts. ... When I authenticate as ... code and put it into a Windows application and run as a normal user. ...
    (microsoft.public.dotnet.framework.clr)
  • Re: calling ADSI objects from WebApplication
    ... then it is definitely an issue with your security context. ... > by means of active directory accounts. ... > When I run the application from any computer and authenticate as a user ... > code and put it into a Windows application and run as a normal user. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: calling ADSI from WebApp
    ... > by means of active directory accounts. ... > When I run the application from any computer and authenticate as a user ... > domain administrator privilige, everything works fine. ... > code and put it into a Windows application and run as a normal user. ...
    (microsoft.public.dotnet.framework.clr)
  • Re: How to setup authentication across domains within a forest?
    ... forest, regardless of their location. ... DCs for the domain ... Windows 2003 Server Deployment Guide (Active Directory ... >> authentication db and users authenticate to the ...
    (microsoft.public.windows.server.active_directory)