I have a .NET web application that needs to obtain the groups that a user is a member of in Active Directory.
My code works perfectly using my ID, but when I run it under the application ID it gives me the following error:
COMException (0x8007052e): Logon failure: unknown user name or bad password. ] System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +420085 System.DirectoryServices.DirectoryEntry.Bind() +36 System.DirectoryServices.DirectoryEntry.get_AdsObject() +31 System.DirectoryServices.PropertyValueCollection.PopulateList() +26 System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49 System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +141 System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName) +57
The ID that I am using to run the application is in a different domain than the users. I found this answer but I am not sure if it can apply to cross-domain IDs.
What kind of configuration do we need for this to work?
What you are looking for is Active Directory delegation. MSFT has a published best practice document that you can use. However, it's very simple to implement. I also have a simple step-by-step setup of delegation for an open source AD application I wrote that you can take a look at:
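As an added illustration (not the answer's linked setup and not the poster's code), this shows the cross-domain group lookup itself: the PrincipalContext is bound to the user's own domain rather than the application's, and the bind uses the identity the application runs under, which assumes a trust exists and that identity is permitted to read the user's domain as the answer describes.

```csharp
// Added example (not the poster's code): look up a user's group membership
// by binding to the user's own domain rather than the application's domain.
// Assumes a domain trust exists and the application identity is allowed to
// authenticate to and read from the user's domain (see delegation note above).
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class CrossDomainGroups
{
    // Splits "DOMAIN\user" into its domain and account parts.
    public static (string Domain, string Account) SplitLogon(string logon)
    {
        int slash = logon.IndexOf('\\');
        if (slash < 0)
            throw new ArgumentException("Expected DOMAIN\\user", nameof(logon));
        return (logon.Substring(0, slash), logon.Substring(slash + 1));
    }

    // Returns the SAM account names of the security groups the user belongs to.
    // The PrincipalContext is bound to the user's domain, so the query goes to
    // the domain controllers that actually hold the account, not the app's DCs.
    public static List<string> GetGroupNames(string logon)
    {
        var (domain, account) = SplitLogon(logon);
        var groups = new List<string>();

        // Binds with the identity the application runs under; no password is
        // stored in the application, so the bind only succeeds if that identity
        // can authenticate to the user's domain.
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, account))
        {
            if (user == null)
                throw new InvalidOperationException($"Account not found: {logon}");

            // GetAuthorizationGroups resolves the token groups (nested membership).
            foreach (Principal p in user.GetAuthorizationGroups())
            {
                if (p is GroupPrincipal g && g.SamAccountName != null)
                    groups.Add(g.SamAccountName);
            }
        }
        return groups;
    }
}
```

If the bind still fails with 0x8007052e under the application identity, the trust or delegation configuration from the answer is what needs attention, not the query code.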
User contributions licensed under CC BY-SA 3.0