Jimmy75
Trouble using DirectorySearcher from a partially trusted context
Jun 28, 2005 02:54 PM
I have created a web application that reads from the active directory (using a DirectorySearcher object) to populate certain fields on the form. When I request the page from the browser on the machine where the web server is installed, my code executes fine and the fields are populated correctly. The trouble is when I request the page using another machine, the web server returns a thrown exception (COM exception) raised by either the FindOne() or FindAll() method of the DirectorySearcher object.
Now, in my code, the DirectorySearcher is initiated and its SearchRoot property is pointing to a DirectoryEntry object I initiated before, which defines the Path property only (no User nor Password is used because I am using Windows authentication so I don't capture the user credentials apart from the username). Therefore the Searcher fails to log on to the AD to carry out the search.
In another scenario, I have supplied a valid user name and password for the DirectoryEntry object and the page was successfully returned to the user.
My aim is to not use any hardcoded username/password in any file nor in the registry and I do want the user to log on via a logon page as I am using windows authentication.
To summarise: Why does DirectorySearcher successfully log on to the AD when the page is requested from the same machine as the web server, and fail to do so when the page is requested from another machine?
Notes to Add:
I am using Windows Authentication and Impersonation is set to true and also the AllowPartiallyTrustedCallersAttribute is emitted in my assembly. (This was added in my Assembly.cs file and checked in the resulting assembly using the ildasm tool.)
Any help, comments would be highly appreciated.
Thanks.
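The setup described in this post, as an added diagnostic sketch that is not the poster's code: it performs the same credential-less DirectorySearcher lookup and, when FindOne() throws, records the HRESULT together with the identity and impersonation level the bind ran under, so the local and remote requests can be compared. The LDAP path, the class and method names, and the choice of the displayName attribute are assumptions.

```csharp
// Added example, not code from the thread. LdapPath is a constructed placeholder.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class AdLookupDiagnostics
{
    // Hypothetical placeholder; substitute the directory path the application uses.
    private const string LdapPath = "LDAP://DC=example,DC=com";

    // Looks up one user with no explicit credentials, so the bind runs as the
    // thread's current (impersonated) identity, as described in the post.
    public static string FindDisplayName(string samAccountName)
    {
        WindowsIdentity caller = WindowsIdentity.GetCurrent();
        string context = string.Format(
            "identity={0}; authType={1}; impersonationLevel={2}",
            caller.Name, caller.AuthenticationType, caller.ImpersonationLevel);
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(LdapPath))
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                                  + EscapeFilterValue(samAccountName) + "))";
                searcher.PropertiesToLoad.Add("displayName");
                SearchResult result = searcher.FindOne();
                if (result == null || !result.Properties.Contains("displayName"))
                    return null;
                return (string)result.Properties["displayName"][0];
            }
        }
        catch (COMException ex)
        {
            // Keep the HRESULT and the security context instead of a bare COM error.
            throw new InvalidOperationException(string.Format(
                "AD search failed (0x{0:X8}); {1}", ex.ErrorCode, context), ex);
        }
    }

    // Escapes the characters that are reserved in LDAP filter values (RFC 4515),
    // since the account name comes from the authenticated request.
    private static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }
}
```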
dunnry
Re: Trouble using DirectorySearcher from a partially trusted context
Jun 28, 2005 07:42 PM
There is a new post now that discusses your options in this regard:
http://forums.asp.net/971665/ShowPost.aspx
See if this helps. If you have more questions, post back.