Last post Jun 07, 2011 01:08 PM by Jeev
Jul 07, 2009 05:27 PM|t_bowin
I have a VB.NET page that, when using the "View in Browser" function, works great querying Active Directory through LDAP; however, when I post the page to our intranet, the query doesn't connect to LDAP. Would this be a setting in IIS, ASP.NET, or LDAP?
Here is the code:
** strUserName is passed by User.Identity.Name.ToString(). It is also displayed on the page so I at least know that part is functioning.
    Public Function GetEmailFromActDir(ByVal strUserName As String) As String
        Dim strEmailAddress As String = ""
        ' Server name and domain components are redacted in the original post
        Dim strPath As String = "LDAP://****/DC=***,DC=***,DC=***"
        ' Drop the first four characters (the domain prefix) from the logon name
        Dim strUserIds As String = Mid(strUserName, 5, Len(strUserName))
        Dim objDirEntry As New System.DirectoryServices.DirectoryEntry(strPath)
        Dim objDirSearcher As New System.DirectoryServices.DirectorySearcher(objDirEntry)
        Dim objCollSearchResult As System.DirectoryServices.SearchResultCollection
        Dim objlSearchResult As System.DirectoryServices.SearchResult
        Dim objCollResultProperty As System.DirectoryServices.ResultPropertyCollection
        Dim objCollResultPropertyValue As System.DirectoryServices.ResultPropertyValueCollection
        objDirSearcher.Filter = "(&(objectClass=user)(anr=" & strUserIds & "))"
        Try
            objCollSearchResult = objDirSearcher.FindAll()
            Select Case objCollSearchResult.Count
                Case 0
                    strEmailAddress = ""
                Case Is > 1
                    ' More than one match: no address is returned
                Case Is = 1
                    objlSearchResult = objCollSearchResult.Item(0)
                    objCollResultProperty = objlSearchResult.Properties
                    objCollResultPropertyValue = objCollResultProperty.Item("mail")
                    strEmailAddress = objCollResultPropertyValue.Item(0)
            End Select
            objlSearchResult = Nothing
            objCollResultProperty = Nothing
            objCollResultPropertyValue = Nothing
        Catch ex As System.Exception
            ' The message is captured but never logged or shown, so a failed
            ' bind to AD looks the same as "no e-mail address found"
            Dim strMess As String
            strMess = ex.Message
            strEmailAddress = ""
        End Try
        Return strEmailAddress
    End Function
Jul 07, 2009 06:25 PM|FileFoundException
What is the exception message you're getting?
It could be that the user account under which your site is running on your intranet does not have access to AD. When you right-click on the page and View in Browser, the site is running under the user running Visual Studio, which does have access to AD.
In any case, turn on impersonation from web.config.
Jul 08, 2009 12:27 PM|t_bowin
It was giving any exception message that I could see, it just wasn't querying AD. I think you're right about it running under the ASPNET account on the intranet, which does not have access to AD.
I added <identity impersonate="true" /> to the web.config file and it's working great.
Thanks for your help, it's much appreciated!
Jun 07, 2011 01:02 PM|KMPrenger
Sorry to resurrect an old thread, but I'm having this exact same issue. (working on local PC, but not on intranet) Only, when I add the identity impersonate="true" to my web.config file and then try to view it via our intranet server, I get errors.
Once I turn the custom errors mode to "Off" I see this:
An unhandled exception occurred during the execution of the current web
request. Please review the stack trace for more information about the error and
where it originated in the code.
System.Runtime.InteropServices.COMException: An operations error
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
[COMException (0x80072020): An operations error occurred.
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
TestAutoLogon._Default.Page_Load(Object sender, EventArgs e) in C:\inetpub\TestAutoLogon\TestAutoLogon\TestAutoLogon\Default.aspx.vb:76
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
I apologize as this is my first attempt at querying Active Directory, so any help is appreciated. I have contacted our network guy to see if giving the user account on the intranet server access to AD could be the fix we need...
Jun 07, 2011 01:08 PM|Jeev
The reason why it works on your local machine, especially if you are using the built-in web server, is because the code is running as you who has active directory. However, on the server it is running under a non-AD account. You can ask your admin to give you a service account and password and use that account's credentials for doing all AD queries in your application.
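The service-account approach from the last reply, sketched as an added example (not code from any poster in this thread). The appSettings key names are hypothetical; the filter matches sAMAccountName exactly instead of using anr, and the value is escaped per RFC 4515 before it is placed in the filter.

```vbnet
Imports System.Configuration
Imports System.DirectoryServices
Imports System.Text

Public Module AdLookup
    ' Escape the characters that have special meaning in an LDAP filter (RFC 4515)
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each ch As Char In value
            Select Case ch
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Function GetEmailFromActDir(ByVal strUserName As String) As String
        ' Hypothetical appSettings keys (assumption, not from the thread);
        ' keep this section of web.config encrypted or otherwise protected
        Dim path As String = ConfigurationManager.AppSettings("AdLdapPath")
        Dim svcUser As String = ConfigurationManager.AppSettings("AdServiceUser")
        Dim svcPass As String = ConfigurationManager.AppSettings("AdServicePassword")

        ' Strip an optional DOMAIN\ prefix regardless of the domain name's length
        Dim account As String = strUserName.Substring(strUserName.LastIndexOf("\"c) + 1)
        Dim filter As String = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" _
            & EscapeLdapFilterValue(account) & "))"

        ' Bind with the service account's explicit credentials, so the query does
        ' not depend on the worker process identity or on impersonation
        Using entry As New DirectoryEntry(path, svcUser, svcPass, AuthenticationTypes.Secure)
            Using searcher As New DirectorySearcher(entry, filter, New String() {"mail"})
                Dim result As SearchResult = searcher.FindOne()
                If result IsNot Nothing AndAlso result.Properties("mail").Count > 0 Then
                    Return CStr(result.Properties("mail")(0))
                End If
            End Using
        End Using
        Return ""
    End Function
End Module
```

Because nothing is caught here, a bind failure such as the COMException above surfaces to the caller instead of turning into an empty string.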