LDAP works on Development Server but not on Windows Server 2008
Aug 21, 2013 03:30 AM|razorfire|LINK
Hi,
I'm working on a solution that requires getting the Windows authentication identity via ASP.NET. It works perfectly on the development server, as it retrieved my Windows identity.
However, things turn around when it comes to the server side. I can't seem to find the problem.
These are my settings,
Server IIS 7.0
Windows Authentication enabled
Application Pool= Network Service
Loaduserprofile is set to true.
On the code side would be
System.Threading.Thread.GetDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal)
Dim pl As New WindowsPrincipal(System.Threading.Thread.CurrentPrincipal.Identity)
Dim pr As New PrincipalContext(ContextType.Domain)
Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pr, pl.Identity.Name)
Dim cn As String = "The LDAP connection works"
Dim dssearch As New System.DirectoryServices.DirectorySearcher
Dim sresult As System.DirectoryServices.SearchResult
Dim dresult As System.DirectoryServices.DirectoryEntry
dssearch = New System.DirectoryServices.DirectorySearcher(cn)
dssearch.Filter = "(userPrincipalName=" & up.UserPrincipalName & ")"
sresult = dssearch.FindOne()
dresult = sresult.GetDirectoryEntry()
txt_givenname.Text = up.GivenName
txt_lastname.Text = up.Surname
txt_loginname.Text = pl.Identity.Name
txt_email.Text = up.EmailAddress
txt_department.Text = dresult.Properties("department").Value.ToString()
Configuration check results:
Configurations check is
.NET version is: 2.0.50727.5466
Identity is:
Authentication is: False
Application Pool Identity is: NT AUTHORITY\NETWORK SERVICE
Identity Authentication Type is: Negotiate
Error would be:
The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ArgumentException: The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.]
System.DirectoryServices.ResultsEnumerator.MoveNext() +437089
System.DirectoryServices.SearchResultCollection.get_InnerList() +162
System.DirectoryServices.SearchResultCollection.get_Count() +9
System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory) +2002
System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate) +85
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +221
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) +81
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +42
service_request_portal.contactus.LoadRequest() +200
System.Web.UI.Control.OnLoad(EventArgs e) +132
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
From my side, it seems that the profile didn't load, but I'm plucking out my hair because of that issue.
Can someone please enlighten me?
Thank you!
WindowsIdentity LDAP server ServerWindowAuthentication
Re: LDAP works on Development Server but not on Windows Server 2008
Aug 21, 2013 04:23 AM|razorfire|LINK
When I replace pl.Identity.Name with my hardcoded identity name, it works and the application runs.
So the issue is that I'm not getting the Identity.Name.
WindowsIdentity LDAP Windowsauthentication server ServerWindowAuthentication
Re: LDAP works on Development Server but not on Windows Server 2008
Aug 21, 2013 02:14 PM|smirnov|LINK
Things to check
1) what is set in the web.config, windows authentication?
2) Is anonymous access in IIS disabled?
3) Try HttpContext.Current.User instead of Thread.CurrentPrincipal
WindowsIdentity LDAP server ServerWindowAuthentication
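The checks suggested above, as an added VB.NET example that is not part of the thread: it reads the principal from HttpContext.Current.User, refuses to query the directory when the request is anonymous or the name is empty (the condition behind the empty search filter in the error), and only then calls FindByIdentity. The module and function names are hypothetical.

```vbnet
Imports System.Security.Principal
Imports System.Web
Imports System.DirectoryServices
Imports System.DirectoryServices.AccountManagement

' Added example; module and function names are hypothetical.
Public Module AuthenticatedDirectoryLookup

    ' Returns the account name IIS authenticated for this request, or throws.
    ' An empty name is what produces the "(userPrincipalName=)" filter in the error.
    Public Function RequireWindowsUserName(ByVal ctx As HttpContext) As String
        If ctx Is Nothing OrElse ctx.User Is Nothing Then
            Throw New UnauthorizedAccessException("No request principal.")
        End If

        Dim identity As IIdentity = ctx.User.Identity
        If Not identity.IsAuthenticated OrElse String.IsNullOrEmpty(identity.Name) Then
            ' Things to check: anonymous access still enabled in IIS, or
            ' Windows authentication not set in web.config.
            Throw New UnauthorizedAccessException("Request is anonymous; refusing directory lookup.")
        End If

        If Not TypeOf identity Is WindowsIdentity Then
            Throw New UnauthorizedAccessException("Unexpected authentication type: " & identity.AuthenticationType)
        End If
        Return identity.Name
    End Function

    ' Looks up the caller in AD only after the identity check has passed.
    Public Function LookupDepartment(ByVal ctx As HttpContext) As String
        Dim name As String = RequireWindowsUserName(ctx)
        Using pr As New PrincipalContext(ContextType.Domain)
            Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pr, name)
            If up Is Nothing Then
                Throw New InvalidOperationException("No directory entry for " & name)
            End If
            ' The AD entry behind the principal; "department" may be unset.
            Dim entry As DirectoryEntry = DirectCast(up.GetUnderlyingObject(), DirectoryEntry)
            Dim dept As Object = entry.Properties("department").Value
            Return If(dept Is Nothing, String.Empty, dept.ToString())
        End Using
    End Function
End Module
```

Failing closed here turns the misleading "search filter is invalid" ArgumentException into an explicit authentication error at the point where the identity is actually missing.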
Re: LDAP works on Development Server but not on Windows Server 2008
Aug 21, 2013 09:18 PM|razorfire|LINK
Hi smirnov,
It now works.
I'm missing
I thought impersonate is false by default? 'Cause I remember my IIS ASP.NET Impersonation is disabled.
Thanks!
WindowsIdentity LDAP server ServerWindowAuthentication