DirectorySearcher works locally in VS2005 but not on webserver

Jason Wilson

I have written a web app in ASP.NET that works fine in VS2005, but
DirectorySearcher fails when I copy it to the web server.

Here's some code:

Dim sUser As String = Environment.UserName
Dim adEntry As New DirectoryEntry("LDAP://DC=radnet,DC=ausrad,DC=com")
Dim adSearcher As New DirectorySearcher(adEntry)
adSearcher.SearchScope = SearchScope.Subtree
adSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sUser & "))"
adSearcher.PropertiesToLoad.Add("mail")
adSearcher.PropertiesToLoad.Add("extensionAttribute1") 'This contains employee SSN
Dim adResult As SearchResult = adSearcher.FindOne
***hfUserEmail.Value = adResult.GetDirectoryEntry().Properties("mail").Value
***hfUserSSN.Value = adResult.GetDirectoryEntry().Properties("extensionAttribute1").Value

*** These 2 lines give me: Object reference not set to an instance of
an object. (nullreference exception)

I've tried adding credentials to the DirectoryEntry with the same
results.

Thanks in advance,

Jason Wilson
 
KA Kueh

Hi,

My guess is that the webserver is not a member of the domain that it is
querying. This will cause the query to fail.

Regards,
Kueh.
 
Jason Wilson

It's an intranet server and is a member of the domain. Also if it was
a security issue I think that I would get an access denied exception.
 
Jason Wilson

Just a thought, but I am expecting the webserver to do the query
under the context of the user of the web page. Do I need to do
something to make this happen? I mean do I need to somehow turn
impersonation on?

Jason
 
Jason Wilson

That was it. I added:

<identity impersonate="true" userName="domain\user" password="*****"/>

And now it works. It was running under the local system account
before which didn't have necessary rights (you'd think you'd get an
exception, but no).

I tried just turning on impersonation without providing credentials
and it failed because Kerberos doesn't like the 2 hop token. I think
you can get around that with enabling the webserver for delegation in
AD, but that gets kind of messy. This will work for now.
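
Added example, not part of the original thread: FindOne returns Nothing when no entry matches or is visible to the calling account, and dereferencing that result raises a NullReferenceException like the one in the first post, so this sketch checks the result and reports the Windows identity the query ran under. The module and function names are hypothetical, and the login name is assumed to be passed in by the caller and is escaped before it reaches the filter.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Security.Principal
Imports System.Text

Public Module AdLookup ' hypothetical module name
    ' Escape the characters RFC 4515 reserves inside an LDAP filter value.
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' loginName: "DOMAIN\account" or plain account, supplied by the caller (assumption).
    ' Returns the first value of the attribute, or Nothing if the user has none.
    Public Function GetUserAttribute(ByVal loginName As String, _
                                     ByVal attribute As String) As String
        Dim account As String = loginName.Substring(loginName.LastIndexOf("\"c) + 1)
        Using root As New DirectoryEntry("LDAP://DC=radnet,DC=ausrad,DC=com")
            Using searcher As New DirectorySearcher(root)
                searcher.SearchScope = SearchScope.Subtree
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)" & _
                    "(sAMAccountName=" & EscapeLdapFilterValue(account) & "))"
                searcher.PropertiesToLoad.Add(attribute)
                Dim result As SearchResult = searcher.FindOne()
                If result Is Nothing Then
                    ' Name the identity the bind used so a rights problem is visible.
                    Throw New InvalidOperationException("No directory entry for '" & _
                        account & "' when querying as " & _
                        WindowsIdentity.GetCurrent().Name)
                End If
                ' Read from the search result itself; no second bind is needed.
                If result.Properties.Contains(attribute) AndAlso _
                   result.Properties(attribute).Count > 0 Then
                    Return CStr(result.Properties(attribute)(0))
                End If
                Return Nothing
            End Using
        End Using
    End Function
End Module
```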
 
