C# active directory services conundrum

C# active directory services conundrum

Post by Sm9l » Thu, 22 Apr 2004 23:11:01


When I run the following code on my development machine (Windows XP Professional) I get an error on line 2

1. DirectoryServices.DirectoryEntry adsiRoot = new DirectoryServices.DirectoryEntry("LDAP://RootDSE")

2. string sDefNamCtx = (string) adsiRoot.Properties["defaultNamingContext"][0]

The error is "The specified domain either does not exist or could not be contacted"

HOWEVER, if I compile the webservice & deploy to the Domain Controller - the application works!

Can anyone tell me why
Thanks, Joe
 
 
 

C# active directory services conundrum

Post by MVP - AD » Fri, 23 Apr 2004 01:40:20

It is a security context issue. Serverless binding and default credentials
binding depend on the underlying security context in order to determine the
domain controller and credentials to send. In ASP.NET, the security context
is often a local machine account, so that won't work (you can check this
with System.Security.Principal.WindowsIdentity.GetCurrent().Name).

Essentially, you may need to provide a server name and credentials in your
bind. There is more information here:

http://www.yqcomputer.com/ ;en-us;329986

Joe K.



following VB Script without error:

 
 
 

C# active directory services conundrum

Post by Sm9l » Fri, 23 Apr 2004 17:51:06

Hey

You cracked it! Thanks Joe

I just added to my Web.Config
<identity impersonate="true" /

And it worked fine. - But, out of interest, why would it work without this modification when installed directly on the Domain Controller
 
 
 

C# active directory services conundrum

Post by MVP - AD » Fri, 23 Apr 2004 23:41:07

That's a good question. I'm not sure about how the processModel gets set up
when you install ASP.NET on a DC since I thought all accounts on a DC were
domain accounts, but maybe not. In any event, running IIS on a DC is not a
recommended best practice, so you probably shouldn't be doing that.

Joe K.



this modification when installed directly on the Domain Controller?