I have a web application that uses DirectoryServices.DirectorySearcher to do an LDAP query as below:
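using System.Configuration;
using System.DirectoryServices;

// Build the search filter; name is inserted as-is, without LDAP filter escaping.
string sFilter = string.Format("(&(objectClass=user)(objectCategory=person)({0}={1}))", "sAMAccountName", name);
// No credentials are supplied, so the bind uses the security context of the calling thread.
DirectoryEntry de = new DirectoryEntry(ConfigurationManager.AppSettings["LDAPPath"]);
de.AuthenticationType = AuthenticationTypes.Secure;
DirectorySearcher ds = new DirectorySearcher(de, sFilter);
// Attributes to return for the matched user.
ds.PropertiesToLoad.Add("department");
ds.PropertiesToLoad.Add("givenName");
ds.PropertiesToLoad.Add("sn");
ds.PropertiesToLoad.Add("telephoneNumber");
ds.PropertiesToLoad.Add("mail");
ds.PropertiesToLoad.Add("mobile");
ds.PropertiesToLoad.Add("title");
ds.PropertiesToLoad.Add("sAMAccountName");
ADUser user = new ADUser();
// The bind to the directory happens inside FindOne(); this is the call in the stack trace below.
SearchResult sr = ds.FindOne();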
This has always worked fine in all environments until we upgraded the application from .net 3.5 to .net 4 and made some other changes not related to this area of code. Now it works fine locally and on the dev server but for some reason not on the test server.
The dev server is on Windows Server 2008 and the test server is Windows Server 2008 r2, both with IIS7.
On both servers the application is set to run as follows:
ASP.NET v4.0 app pool with integrated pipeline mode
the only enabled authentication mode is windows authentication
Pass through authentication (application user)
I've been playing spot the difference for hours now and I can't see anything else that could be different. Has anyone got any ideas, as I'm totally stuck now? Surely this can't be an "r2" issue, can it?
The error message is:
System.Runtime.InteropServices.COMException: An operations error occurred.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[COMException (0x80072020): An operations error occurred.]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +781
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +98
System.DirectoryServices.DirectorySearcher.FindOne() +44
GCPortal.Bookings.ADUser.GetUser(String name, SearchType searchType) in d:\GC Dev Source\Products\GCPortal\GCPortal\Bookings\ADUser.cs:64
GCPortal.Bookings.Visitor.VisitorBookingDB.StoreUserId() in d:\GC Dev Source\Products\GCPortal\GCPortal\Bookings\Visitor\VisitorBookingDB.cs:484
GCPortal.Bookings.Visitor.VisitorBookingView.Page_Load(Object sender, EventArgs e) in d:\GC Dev Source\Products\GCPortal\GCPortal\Bookings\Visitor\VisitorBookingView.aspx.cs:36
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Control.LoadRecursive() +71
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064
fosbie
LDAP Code Works on Dev Server but not on Test after .net4 upgrade
May 03, 2012 10:15 AM
Ken Tucker
MVP
Re: LDAP Code Works on Dev Server but not on Test after .net4 upgrade
May 03, 2012 10:39 AM
Check the user identity the app pool is running under for the web site and compare it to the box on the dev server. I think there is a permissions issue causing the error when calling the code.
Space Coast .Net User Group
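One way to make the comparison suggested above visible in the application itself, as an added example that is not code from this thread: on a failed bind it reports the Windows account the calling thread was running as, so the dev and test servers can be compared directly. It also escapes the user-supplied name before it goes into the search filter, which the posted snippet does not do. The class and method names (DirectoryLookup, EscapeFilterValue, FindUser) are hypothetical; the LDAPPath setting and the filter are taken from the question.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

public static class DirectoryLookup // hypothetical helper, not the poster's ADUser class
{
    // Escape the characters RFC 4515 reserves in a filter value: \ * ( ) and NUL.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat(@"\{0:x2}", (int)c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    public static SearchResult FindUser(string name)
    {
        string filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
                        + EscapeFilterValue(name) + "))";
        using (var de = new DirectoryEntry(ConfigurationManager.AppSettings["LDAPPath"]))
        using (var ds = new DirectorySearcher(de, filter))
        {
            de.AuthenticationType = AuthenticationTypes.Secure;
            ds.PropertiesToLoad.Add("sAMAccountName");
            try
            {
                return ds.FindOne(); // the bind to the directory happens here
            }
            catch (COMException ex)
            {
                // No explicit credentials are passed, so the bind ran as the calling
                // thread's identity; record which account that was on this server.
                using (WindowsIdentity id = WindowsIdentity.GetCurrent())
                    throw new InvalidOperationException(string.Format(
                        "LDAP bind failed (0x{0:X8}) as '{1}', impersonation level {2}",
                        ex.ErrorCode, id.Name, id.ImpersonationLevel), ex);
            }
        }
    }
}
```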
fosbie
Re: LDAP Code Works on Dev Server but not on Test after .net4 upgrade
May 03, 2012 11:09 AM
Excellent, thanks for that. They do run as different users: the test one was ApplicationPoolIdentity and the dev one was NetworkService.
Changing the test one to NetworkService appears to have fixed the problem.
Do you know what the difference is between these users?
Thanks again.