I am using this example http://support.microsoft.com/kb/326340

After having to tweak some things I got it to work....I think.

The GetGroups function is causing an exception. Here is the code:

search.Filter = "(cn=" & _filterAttribute & ")"

Dim groupNames As StringBuilder = New StringBuilder()

Try

Dim propertyCount As Integer = result.Properties("memberOf").Count

Dim dn As String

Dim propertyCounter As Integer

dn = CType(result.Properties("memberOf")(propertyCounter), String)

commaIndex = dn.IndexOf(",", 1)

If (equalsIndex = -1) Then

Return Nothing

End If

Next

Throw New Exception("Error obtaining group names. " & ex.Message)

End Try

End Function

In this line Dim search As DirectorySearcher = New DirectorySearcher(_path) the path is formed like this LDAP://CN=Barton\,Tyler,OU=MedicBuilding,DC=Medics,DC=LCL

Notice the "\"after the last name. Is this suppose to be there? I cannot help but think that this is the reason for the error.

Help would be apperciated.

Thanks,

Ty

And what is the error?

I would try removing the "\" implicitly and check. 

I meant explicitly removing. Use Replace function to parse out.Or for testing purposes, just hard code the _path to isolate the problem.

I got it working.......sort of.

If you look at the example I was using there was code above the section I placed in my post that got the group membership and created a cookie ect. I had commented all that out as it was also throwing an error. I uncommented that code and started to walk the code in debug and found that somehow there was a "\" being added in to a the _path variable. I was able to remove the \ with some string manipulations and then it worked However....

Now when I log in it does forward me to me intended page but when I try to navigate to any other pages in the site it forces me to log in again so I'm missing something somewhere.

Any thoughts.

Thanks,

Ty

 I am not a VB person but tis link has the Vb equivalent  also:

http://msdn2.microsoft.com/en-us/library/ms998360.aspx

If your web site prompts for authentication on all pages you need to sync/fine tune:

1. IIS level permissions with file system permissions on the folder.

2. Consider permissions to ASP.NET / Network service and application pool under which your web site runs.

I used that example but I obviously have trust issues.

I get a "Unable to establish a secure connection to the server" error.

I have added the following to my web.config file with no luck.

    <securityPolicy>
    <trustLevel name="Full"    policyFile="internal"/>
    <trustLevel name="High"    policyFile="web_hightrust.config"/>
    <trustLevel name="Medium"  policyFile="web_mediumtrust.config"/>
    <trustLevel name="Low"     policyFile="web_lowtrust.config"/>
    <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
    </securityPolicy>

   <trust="Full" originalurl="" />

Not sure where to go with this now.

Thanks,

Ty

 This might help:

http://directoryprogramming.net/forums/thread/1813.aspx 

Thanks for the suggestion. I did read that post yesterday but still same error.

I did submit a reply today just in case someone might have a thought.

Thanks,

Ty

 Not sure if this will help. I use a service account that has sufficient rights over AD for all AD related apps. You might want to try that.

I don't think that it is that type of permissions problem as I am using a domain admin account but I think it is more a missing or incorect setting for IIS 7 or ASP maybe? I'm not sure I remember in IIS 6 having to add some security accounts.....asp.net maybe something like that but that was a while ago.

Ty

You might want to check the IIS settings/Application pool account. Is the userid used to connect to AD  ASP.NET or IUSER_ account  ? 

I looked at the application pool under IIS7 and the setting are Classic .NET AppPool = Classic Managed pipeline mode and DefaultAppPool = Integrated Managed pipeline mode.

As far as the userid...... I'm not sure. How would I tell? The authentication is Anonumous = enabled and Forms Authentication = enabled

Thanks for your help

Ty

I have not worked with IIS7 so I do not know of the settings. I would start with checking the IIS logs to make sure that this is an IIS-settings issue.  I would also hard code the userid/password in the application to further investigate the problem. In your code where you set the LDAP://... etc, the directorySearcher object: I would hard code a userid/password that has minimum read rights on the AD tree.