"The specified domain either does not exist or cannot be associated with it"

I am trying to use Integrated Windows Authentication in conjunction with DirectorySearcher to identify and authenticate an intranet user.

I was able to get some pretty simple code that seemed to do the trick, but when I tried on a live server I got the following error:

"The specified domain either does not exist or cannot be associated with it"

I cannot debug the application on a real server, so I copied it over to the old development server to test it. When I ran the application normally, it came up with the same error, so I tried debugging it in VS ... except that then it worked fine.

I suspect it has to do with impersonation or with the LDAP invocation - obviously when this works for the debugger it is difficult to be sure of the real problem.

But I thought one of you guys could point me in the right direction.

Snippets from my authentication class:

Private Function GetUserID() As String
    Dim sID As String = HttpContext.Current.User.Identity.Name
    Return Mid(sID, InStr(sID, "\") + 1)
End Function

Private Function GetDisplayName() As String
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim sName As String = String.Empty

    With oSearcher
        .Filter = String.Format("(SAMAccountName={0})", _UserID)
        .PropertiesToLoad.Add("displayName")
        oResult = .FindOne()
        If Not oResult Is Nothing Then
            sName = oResult.Properties("displayName")(0).ToString()
        End If
    End With

    Return sName
End Function

Private Function GetEmail() As String
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim sEmail As String = String.Empty

    With oSearcher
        .Filter = String.Format("(SAMAccountName={0})", _UserID)
        .PropertiesToLoad.Add("mail")
        oResult = .FindOne()
        If Not oResult Is Nothing Then
            sEmail = oResult.Properties("mail")(0).ToString()
        End If
    End With

    Return sEmail

End Function

Private Function GetGroups() As StringCollection
    Dim oSearcher As New DirectorySearcher
    Dim oResult As SearchResult
    Dim colGroups As New StringCollection
    Dim i As Int16

    With oSearcher
        .Filter = String.Format("(cn={0})", _UserName)
        .PropertiesToLoad.Add("memberOf")
        oResult = .FindOne()

        If Not oResult Is Nothing Then
            Dim iGroupCount As Int16 = oResult.Properties("memberOf").Count

            For i = 0 To iGroupCount - 1
                colGroups.Add(oResult.Properties("memberOf")(i).ToString())
            Next

        End If
    End With

    Return colGroups
End Function

      

+2




3 answers


I found it much easier to use the System.DirectoryServices.AccountManagement namespace for this kind of thing; in your case the UserPrincipal class is your friend.



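Imports System.DirectoryServices.AccountManagement
Imports System.Security.Principal

Private Function GetEmail() As String
        ' Default domain context, bound with the credentials the code runs under
        Dim pc As PrincipalContext = New PrincipalContext(ContextType.Domain)
        Dim wi As WindowsIdentity = DirectCast(HttpContext.Current.User.Identity, WindowsIdentity)
        ' wi.Name has the form DOMAIN\user
        Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pc, wi.Name)

        ' FindByIdentity returns Nothing when no matching principal is found
        If up Is Nothing Then Return String.Empty
        Return up.EmailAddress
End Function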

      

+2




I had the same problem and realized that the reason for the error was the way the URL was written.

When using AD and ADSI, make sure you are using the "UPPER CASE" paths. As I can see from your code, you write "cn" as lowercase. [GetGroups function]

Another thing I would try is to make sure you are using the correct connection string.

"LDAP://CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";

becomes

"LDAP://orgname.ad.root/CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";

where "orgname" is the name of the server that AD is running on.

Hope it helps.

+1




Here's another way to achieve the same functionality:

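// Requires: using System.DirectoryServices;
string fullPath = "LDAP://abc.xyz.com/DC=xyz, DC=com";
// AuthenticationTypes.None means a simple bind, which sends the password
// unencrypted unless the connection itself is protected.
AuthenticationTypes authType = AuthenticationTypes.None;
DirectoryEntry verifiedUser = new DirectoryEntry(fullPath, txtUserName.Text.Trim(), txtPassword.Text.Trim(), authType);
// RefreshCache() forces the bind and throws if the credentials are rejected,
// so the next line is reached only after a successful bind.
verifiedUser.RefreshCache();
isAuthorisedUser = true;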

      

This worked for me.

+1
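
The question's sAMAccountName lookup, rewritten with the explicit server path suggested in the second answer, as an added example that is not code from any poster in this thread. It binds with AuthenticationTypes.Secure (Kerberos/NTLM under the calling thread's identity instead of a simple bind) and escapes the account name per RFC 4515 before it goes into the filter. The host dc01.example.local, the base DN and the names DirectoryLookup, EscapeFilterValue and GetUserAttribute are hypothetical.

```vbnet
Imports System.DirectoryServices
Imports System.Text

Public Module DirectoryLookup
    ' Hypothetical values: substitute your own domain controller and base DN.
    Private Const LdapRoot As String = "LDAP://dc01.example.local/DC=example,DC=local"

    ' Escape the characters RFC 4515 reserves inside a filter value.
    Public Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns the first value of the requested attribute, or String.Empty.
    Public Function GetUserAttribute(samAccountName As String, attribute As String) As String
        ' Explicit server and base DN: the lookup does not depend on the
        ' worker process being able to locate a default domain.
        ' Nothing/Nothing with Secure binds as the calling thread's identity.
        Using root As New DirectoryEntry(LdapRoot, Nothing, Nothing, AuthenticationTypes.Secure)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = String.Format("(&(objectCategory=person)(sAMAccountName={0}))",
                                                EscapeFilterValue(samAccountName))
                searcher.PropertiesToLoad.Add(attribute)
                Dim result As SearchResult = searcher.FindOne()
                ' An unset attribute (e.g. no mail address) is absent from the result.
                If result Is Nothing OrElse Not result.Properties.Contains(attribute) Then
                    Return String.Empty
                End If
                Return result.Properties(attribute)(0).ToString()
            End Using
        End Using
    End Function
End Module
```

GetUserAttribute(_UserID, "displayName") and GetUserAttribute(_UserID, "mail") cover the question's GetDisplayName and GetEmail lookups.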








