I'm maintaining a legacy ASP.NET 3.5 application that queries Active Directory. The application uses "Integrated Windows Authentication" and is designed to connect to Active Directory using its own security context rather than a dedicated username and password.
Here is the relevant code.
using System.DirectoryServices;
// No path and no credentials: ADSI binds to the default domain under the security context of the calling thread (app pool identity, or the impersonated web user).
using (DirectoryEntry root = new DirectoryEntry())
using (DirectorySearcher searcher = new DirectorySearcher(root))
{
    searcher.Filter = string.Format("(&(samAccountName={0})(objectClass=user)(objectCategory=person))", userName.Trim());
    // FindAll() performs the actual bind; the result set holds unmanaged handles, so dispose it.
    using (SearchResultCollection results = searcher.FindAll())
    {
        // ... use results ...
    }
}
Although it uses ASP.NET 3.5, it needs to be runnable from an ASP.NET 4.0 application pool due to existing infrastructure constraints.
The call to FindAll throws the following exception under certain circumstances:
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
When I inspect the exception object with the Visual Studio debugger, the ExtendedErrorMessage property contains more detailed information:
000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
The following screenshot shows what this looks like in Visual Studio's debugger:
I've found some work-arounds to make this work, but none of them are acceptable to me:
I've found some suggestions from the Internet, but none of them completely resolved the problem:
HostingEnvironment.Impersonate()
I would like to make this work without having to reconfigure anything in Active Directory. It works fine under certain IIS configurations as shown above, so I believe it should be possible to make it work by reconfiguring the application or IIS (except for changing the .NET framework version).
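The following is an added diagnostic version of the search in the question; it is not code from the question or its answers. It keeps the same parameterless DirectoryEntry bind, but prints the Windows identity that actually performs the LDAP bind (the app pool identity, or the impersonated web user when HostingEnvironment.Impersonate() is in effect), escapes the caller-supplied account name per RFC 4515 so it cannot alter the filter, and surfaces ExtendedErrorMessage instead of the bare "An operations error occurred" text. The class name, the distinguishedName property load and the sample account name "jdoe" are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

// Added example, not the original question's code. Name is an assumption.
static class AdLookupDiagnostics
{
    // RFC 4515 escaping for a value placed inside an LDAP filter assertion,
    // so that a user-controlled account name cannot change the filter structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Same filter as in the question, with the account name escaped.
    public static string BuildUserFilter(string userName)
    {
        return string.Format(
            "(&(samAccountName={0})(objectClass=user)(objectCategory=person))",
            EscapeFilterValue(userName.Trim()));
    }

    // Runs the search and returns the number of matches; on failure, logs the
    // LDAP detail (the LdapErr text) before rethrowing.
    public static int FindUser(string userName)
    {
        // This is the account the domain controller sees binding: the application
        // pool identity without impersonation, the web user's token with it.
        Console.WriteLine("Binding as: " + WindowsIdentity.GetCurrent().Name);

        try
        {
            // Parameterless constructor, exactly as in the question: default
            // domain, current thread's security context.
            using (var root = new DirectoryEntry())
            using (var searcher = new DirectorySearcher(root))
            {
                searcher.Filter = BuildUserFilter(userName);
                searcher.PropertiesToLoad.Add("distinguishedName"); // assumed attribute to load

                // FindAll() is where the bind actually happens; the result set
                // holds unmanaged handles and must be disposed.
                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult r in results)
                        Console.WriteLine(r.Properties["distinguishedName"][0]);
                    return results.Count;
                }
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // ErrorCode is the HRESULT (0x80072020 here); ExtendedErrorMessage
            // carries the LdapErr text, e.g. "a successful bind must be completed".
            Console.Error.WriteLine("0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            Console.Error.WriteLine("Extended: " + ex.ExtendedErrorMessage);
            throw;
        }
    }

    static void Main(string[] args)
    {
        string userName = args.Length > 0 ? args[0] : "jdoe"; // assumed sample account
        FindUser(userName);
    }
}
```

Run it once under the application pool identity and once with impersonation enabled; the "Binding as:" line tells you which account the bind is attempted with, which is the first thing to confirm when the extended message says a successful bind has not been completed.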
I believe the problem had multiple causes:
To resolve the second one, upgrade the application to ASP.NET 4.0 or configure IIS to use ASP.NET 2.0.