Re: defaultNamingContext property failing in asp.net

From: Ollie Riches (ollie.riches_at_phoneanalser.net)
Date: 03/17/05 

Date: Thu, 17 Mar 2005 09:51:06 -0000

thanks for the info Joe. It was the fact that we were authenticating as
anonymous user and when we set impersonation true for the aspx page then it
all work fine

Cheers

Ollie Riches

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eydj0llKFHA.2764@tk2msftngp13.phx.gbl...
> Along the lines of the rest of the article that I sent in my last message,
> you may need to provide credentials in your DirectoryEntry as well as a
> server name.
>
> Credentials and a DC to talk to are the two things that ADSI picks up from
> the Windows security context and will supply automatically if you don't
> specify them directly. However, if you don't specify them and your
security
> context isn't a domain account, then those will both fail.
>
> What is likely happening is that you are being authenticated as the
> anonymous user in AD and don't have any permissions to see any objects.
>
> Joe K.
>
> "Ollie Riches" <ollie.riches@phoneanalser.net> wrote in message
> news:uzJS8pkKFHA.3992@TK2MSFTNGP15.phx.gbl...
> > thanks Joe, I do some more searching and found another one of your posts
> > explaining this and it works for accessing the default context but when
I
> > attempt to get the users name ('cn' property) it fails. the code is
shown
> > below.
> >
> > string currentUserName =
> > (((string)Context.User.Identity.Name).Split('\\'))[1];
> > string contextPath = "";
> > using(DirectoryEntry rootEntry = new
> > DirectoryEntry("LDAP://XXXXXX/RootDSE"))
> > {
> > contextPath =
> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
> > }
> > using(DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> > contextPath))
> > using(DirectorySearcher searcher = new DirectorySearcher())
> > {
> > searcher.SearchRoot = contextEntry;
> > searcher.Filter =
> > String.Format("(&(objectCategory=person)(samAccountName={0}))",
> > currentUserName);
> > searcher.PropertiesToLoad.Add("cn");
> > searcher.SearchScope = SearchScope.Subtree;
> > SearchResult result = searcher.FindOne();
> > return result.Properties["cn"][0].ToString();
> > }
> >
> > When impersonation was used in asp.net then it all works perfectly fine
as
> > I
> > expected but using impersonation defeats what I am try to achieve.
> >
> >
> >
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
wrote
> > in message news:#jpM27jKFHA.3992@TK2MSFTNGP15.phx.gbl...
> >> The issue is probably serverless binding (not putting a server name in
> > your
> >> binding string). That only works if your current thread is running
under
> > a
> >> domain account.
> >>
> >> Trying putting the DNS name of a domain controller in there
> >> (LDAP://server.com/RootDSE) and see if that fixes it. If so, that's
your
> >> problem.
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
> >>
> >> Joe K.
> >>
> >> "Ollie Riches" <ollie.riches@phoneanalser.net> wrote in message
> >> news:eE0%23HAhKFHA.1948@TK2MSFTNGP14.phx.gbl...
> >> >I am trying to access an AD from asp.net, I am getting the 'famous'
"The
> >> > specified domain either does not exist or could not be contacted"
> >> > exception
> >> > with a HR = 0x08007054b
> >> >
> >> > the code (C# .Net) is as follows:
> >> >
> >> > DirectoryEntry rootEntry = new DirectoryEntry("LDAP://RootDSE");
> >> > string contextPath =
> >> > rootEntry.Properties["defaultNamingContext"].Value.ToString();
> >> > rootEntry.Dispose();
> >> > DirectoryEntry contextEntry = new DirectoryEntry("LDAP://" +
> > contextPath);
> >> >
> >> > I know this code works and as far as I know I should be able to
> >> > access\query
> >> > the root but it fails. So is it a permissions issue with asp.net or
the
> >> > domain configuration.
> >> >
> >> >
> >> > Cheers
> >> >
> >> > Ollie Riches
> >> > http://www.phoneanalyser.net
> >> >
> >> > Disclaimer: Opinions expressed in this forum are my own, and not
> >> > representative of my employer.
> >> > I do not answer questions on behalf of my employer. I'm just a
> > programmer
> >> > helping programmers.
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Relevant Pages

  • Re: Going from anonymous security to Windows Security in an ASP.NET application
    ... as I said in my previous post - there is no context on the client... ... Your page.context exists purely on the server. ... we need to have our own login page instead of the standard Windows logon ... impersonation, which takes place on the server has no effect on page ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: {OT} Obamas message war
    ... You are now debating simply for the sake of debating. ... And here's one to bake your noodle: You don't get to analyze the context ... Now you see why I have No Bedroom Joe on the permanent blocked list. ... and the gun control lobby and the wealth distriubution lobby and the ...
    (alt.autos.toyota)
  • Re: {OT} Obamas message war
    ... You are now debating simply for the sake of debating. ... And here's one to bake your noodle: You don't get to analyze the context ... Now you see why I have No Bedroom Joe on the permanent blocked list. ...
    (alt.autos.toyota)
  • Re: The Chinese MD5 attack
    ... is taken out of context. ... > Not everything is as black and white as you and your buddy SMS think it ... If you and your buddy Joe would just admit your mistakes then nobody ... Insults were posted and claims were made. ...
    (sci.crypt)
  • Re: Access File Share from ASP.NET using Unmanaged Code
    ... the issue with using the Process class is that it won't create the ... impersonation will be useful to pass into this, ... > Sorry Joe: ...
    (microsoft.public.dotnet.framework.aspnet.security)