ASP.NET - Accessing Active Directory from code behind page

I have made a web application, which reads/writes from/to Active Directory. In my web.config file there is

<identity impersonate="true"/>

and

<authentication mode="Windows"/>

When I display

System.Web.HttpContext.Current.User.Identity.Name

in some label, it shows mydomain\myusername, so I think impersonation works.

Now to the question. When I access the application on the server, where the IIS web server is running, everything works great. But when I access the web application from a remote PC, I get an exception (the label still shows "mydomain\myusername").

I have traced the problem down. In the code behind when I call

Forest currentForest = Forest.GetCurrentForest();

the variable currentForest knows its currentForest.Name, currentForest.RootDomain or currentForest.ForestMode, but any call to currentForest.Domains, currentForest.Sites or currentForest.GlobalCatalogs results in

System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException.

Now I'm lost and don't know what to debug further. The account I'm using is member of Enterprise Admins (multi-domain forest). I have tried it on two different servers with different IIS versions (IIS 7.5 and IIS 6.0) with no luck.

And the thrown exception isn't of much help:

Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
DirectoryServicesCOMException (0x80072020): An operations error occurred.

System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +98
System.DirectoryServices.ActiveDirectory.ADSearcher.FindAll() +46
System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +543

[ActiveDirectoryOperationException: An operations error occurred.]

System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +512484
System.DirectoryServices.ActiveDirectory.Forest.get_Domains() +44
myWebApp.ASPpage.Button_Click(Object sender, EventArgs e) in C:\Documents and Settings\myUser\documents\visual studio\Projects\MyWebApp\MyWebApp\ASPPage.aspx.cs:158
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981

EDIT: If it is not obvious, I want to use currentForest.Domains to search the whole forest (all domains) for a user given by UPN name.

I found the answer to my question in one of "Related questions" on this page. The answer was in this topic: Why does DirectoryServicesCOMException occur querying Active Directory from a machine other than the web server?

I found, that it was exactly my case. After reading the suggested Microsoft article, I learned, that impersonating works only for local resources on the IIS server. To access network resources (SQL, Active Directory), I have to set "Trust this computer for delegation" in the computer object in Active Directory.