I am trying to authenticate an ADAM user; please look at the code I am using. When I do it over a secure channel on the network it gives an error.
Any ideas would be greatly appreciated.
using System.DirectoryServices;

int portNumber = 389;
string serverName = "10.144.153.27";
string partitionDir = "rootDSE";
// Bind to rootDSE with the supplied credentials. AuthenticationTypes.Secure
// requests a Windows (Negotiate) bind; the constructor itself does not contact
// the server, the first property access does.
DirectoryEntry verifiedUser = new DirectoryEntry(
    "LDAP://" + serverName + ":" + portNumber + "/" + partitionDir,
    "t...@test.com", "temp", AuthenticationTypes.Secure);
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
ADAM users must be authenticated with AuthenticationTypes.None (or AuthenticationTypes.SecureSocketsLayer if you have SSL on ADAM). Additionally, you must specify the username as either the full ADAM DN or the UPN if you set the UPN of the ADAM user.
If you want to authenticate a Windows user (on the local machine or in a domain that the machine trusts), then use AuthenticationTypes.Secure.
I have tried with AuthenticationTypes.None and also with AuthenticationTypes.SecureSocketsLayer, but I am still getting the same error. Do I have to put it in the GAC, or do I need to change anything in web.config?
I'd suggest getting this working outside of ASP.NET (a console app or something) to avoid any confusion there. You shouldn't need to change anything in web.config or the GAC to get this to work, though.
The other thing I'd do is make sure you can successfully authenticate these users in ADAM using ldp.exe and a simple bind before I'd try S.DS, as ldp will give you more useful error messages.
Also, you need to make sure that the ADAM user's password is properly set and the account is not disabled.
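The bind described in the replies above (AuthenticationTypes.None, or SecureSocketsLayer where ADAM has a certificate, with the user given as an ADAM DN or UPN), packaged as the stand-alone console harness suggested above. This is an added example, not code from any of the posts or from an ADAM sample; the host "adamhost", ports 389/636, the partition "O=Example,C=US", the user DN and the password are assumptions to be replaced with your own.

```csharp
// Added example: bind to ADAM as an ADAM principal from a console app.
// Assumptions: ADAM listens on adamhost:389 (LDAP) and adamhost:636 (LDAPS);
// the user is CN=testuser,OU=People,O=Example,C=US. Replace as needed.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class AdamBindCheck
{
    // ADAM users are not Windows principals, so AuthenticationTypes.Secure
    // (Negotiate) cannot authenticate them. A simple bind (AuthenticationTypes.None)
    // sends the password in the clear on the wire; add SecureSocketsLayer when
    // the instance has an SSL certificate so the credentials are protected.
    static bool TryBind(string host, int port, string userDnOrUpn,
                        string password, bool useSsl, out string failure)
    {
        failure = null;
        AuthenticationTypes authType = useSsl
            ? AuthenticationTypes.SecureSocketsLayer
            : AuthenticationTypes.None;
        string path = "LDAP://" + host + ":" + port + "/rootDSE";
        using (DirectoryEntry entry =
               new DirectoryEntry(path, userDnOrUpn, password, authType))
        {
            try
            {
                // The constructor does not touch the server; forcing a
                // property load is what actually performs the bind.
                entry.RefreshCache();
                return true;
            }
            catch (COMException ex)
            {
                // 0x8007052E (ERROR_LOGON_FAILURE) is the usual result for a
                // wrong DN or password; other HRESULTs point at transport,
                // certificate or permission problems, so report the code.
                failure = "0x" + ex.ErrorCode.ToString("X8") + ": " + ex.Message;
                return false;
            }
        }
    }

    static void Main()
    {
        // Hypothetical values; replace with your instance, partition and user.
        string host = "adamhost";
        string userDn = "CN=testuser,OU=People,O=Example,C=US";
        string password = "password-from-secure-input";

        string why;
        Console.WriteLine("Simple bind on 389 (password in clear): "
            + (TryBind(host, 389, userDn, password, false, out why) ? "ok" : why));
        Console.WriteLine("Simple bind over SSL on 636: "
            + (TryBind(host, 636, userDn, password, true, out why) ? "ok" : why));
    }
}
```

Run it on the machine that is failing: a logon-failure HRESULT means the DN or password is wrong for that instance, while a different code (or a failure only on the SSL port) narrows the problem to the network path or the certificate rather than to ASP.NET configuration.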
I have successfully tested from ldp.exe; it is working fine there. Then I tested in ASP.NET locally, and there it also works without any problems, but when I use the same code on the production web server, it gives an error. Is it something related to the network?
See the simple code below:

using System.DirectoryServices;

// Simple bind (AuthenticationTypes.None) as the ADAM principal; RefreshCache()
// is what actually sends the bind to the server.
DirectoryEntry Ds = new DirectoryEntry(
    "LDAP://DSSS01:389/rootDSE",
    "principleusern...@ss.com", "tests", AuthenticationTypes.None);
Ds.RefreshCache();
> Any ideas? I really appreciate your help on this
This is a shot in the dark, but I had to add the user that I'm binding as to the "Reader" role to get this to work. I'm not at my work computer right now, so I can't give you exact instructions for doing so, but I'll try to check this post on Monday to see if you're still stuck. -- Anthony Yott
Please see the following error message from when I try on the production server. It could be a network issue; I am trying to find this out from the network folks.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
I think any user reading the directory needs at least Read access. I had created a new user and was trying to bind as the new user and having issues, even though it worked fine with ldp.exe. I did a Google search and someone mentioned adding the user I'm trying to bind as to the Readers role. Once I did that, everything worked fine.
To add a user to the Reader role, do the following:
1.) Open the ADAM ADSI Edit MMC
2.) Navigate to your partition (e.g., O=Microsoft, C=US)
3.) Go to the CN=Roles container
4.) In the right pane, right-click the 'CN=Readers' node
5.) Scroll down the attribute list and find the 'member' attribute
6.) Select the 'member' attribute and click the 'Edit' button
7.) Click the 'Add Windows Account...' or 'Add ADAM Account...' button. This will depend on whether you are binding as an AD or an ADAM principal. Just choose the appropriate one.
8.) If you choose an ADAM account, then put in the DN of the user (e.g. CN=joeblow,OU=ADAM users,O=Microsoft,C=US)
9.) Click OK
10.) Click OK
After this your AD or ADAM principal should have read permissions to the directory and your bind should work. If this fails (and this is another shot in the dark), I'm wondering if you will need to add the identity (ASP.NET or whatever identity your web site/service is running under) that the process is running as to the Readers role.
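The ADSI Edit procedure above done from code, as an added example that is not part of Anthony's post or of any ADAM sample: it appends an ADAM user's DN to the member attribute of the CN=Readers role under CN=Roles and commits the change. The host "adamhost", port 389, the partition "O=Example,C=US", the user DN and the Windows administrator account "EXAMPLE\adamadmin" are assumptions. The 'Add Windows Account...' case is not shown; a Windows principal is stored differently (as a foreign security principal object), so the DN comparison below would not recognise one.

```csharp
// Added example: add an ADAM principal to the Readers role of a partition.
// Assumptions: adamhost:389, partition O=Example,C=US, and a Windows account
// that is already in the ADAM Administrators role (hence AuthenticationTypes.Secure).
using System;
using System.DirectoryServices;

class AdamReadersRole
{
    // Returns true if the DN was added, false if it was already a member.
    // Readers grants read access to the whole partition, so add only the
    // principals that genuinely need to read it.
    static bool AddToRole(string host, int port, string partitionDn,
                          string roleCn, string memberDn,
                          string adminUser, string adminPassword)
    {
        string rolePath = "LDAP://" + host + ":" + port + "/CN=" + roleCn
                          + ",CN=Roles," + partitionDn;
        using (DirectoryEntry role = new DirectoryEntry(
                   rolePath, adminUser, adminPassword, AuthenticationTypes.Secure))
        {
            PropertyValueCollection members = role.Properties["member"];
            // DNs are not case-sensitive, so compare ignoring case.
            foreach (object existing in members)
            {
                if (string.Compare((string)existing, memberDn, true) == 0)
                    return false;
            }
            members.Add(memberDn);
            role.CommitChanges();   // nothing is written to ADAM before this call
            return true;
        }
    }

    static void Main()
    {
        // Hypothetical values; replace with your instance, partition and user.
        string partition = "O=Example,C=US";
        string userDn = "CN=testuser,OU=People," + partition;
        bool added = AddToRole("adamhost", 389, partition, "Readers", userDn,
                               "EXAMPLE\\adamadmin", "password-from-secure-input");
        Console.WriteLine(added ? "added to Readers" : "already a member");
    }
}
```

After running it, re-check with ldp.exe (bind as the user, then read an object in the partition) to confirm that the role membership, and not something else, was what the bind needed.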
Sorry, you need to get ASP.NET configured so you can get the full error message and stack trace. Setting customErrors to "Off" should work, but I'm not sure what to tell you if it doesn't. This isn't an ASP.NET newsgroup.
Like I said before, you might want to try getting this working in a console application first.
I am able to authenticate now. Great relief; thanks to you all. But when I try to set the password I get the following error. Please look at the following code and error message. I was able to sign in with no errors, but the code below gets an error!! Any ideas?
using System;
using System.DirectoryServices;

// IADsObjectOptions option ids (ADS_OPTION_ENUM). The option argument is a
// 32-bit long in the ADSI IDL, so declare these as int: a C# long is 64 bits
// and is marshalled as a 64-bit VARIANT when late-bound through Invoke, which
// the Automation layer may refuse to coerce ("Bad variable type").
const int ADS_OPTION_PASSWORD_PORTNUMBER = 6;
const int ADS_OPTION_PASSWORD_METHOD = 7;
// ADS_PASSWORD_ENCODE_CLEAR sends the new password unencrypted on the wire;
// ADS_PASSWORD_ENCODE_REQUIRE_SSL (0) is the safer choice where ADAM has SSL.
const int ADS_PASSWORD_ENCODE_CLEAR = 1;
int intPort;
DirectoryEntry objUser;
string strPath;
string strPort;

// User DN. Construct the binding string; strPort was declared but not used in
// the original path, which left an empty ":" after the host.
strPort = "389";
strPath = "LDAP://10.444.222.22:" + strPort + "/CN=testuser,ou=ct,c=us,ou=people";

objUser = new DirectoryEntry(strPath, "admin_username", "admin_password", AuthenticationTypes.Secure);
objUser.RefreshCache();   // forces the bind as the administrator

Response.Write("Signed IN");

// Set port number, method, and password.
intPort = Int32.Parse(strPort);

objUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_PORTNUMBER, intPort});
objUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR});
objUser.Invoke("SetPassword", new object[] {"ADAMcomplexpassword1$"});
Thanks,
Error Message:
Bad variable type.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: Bad variable type.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
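The same SetOption/SetPassword sequence as the post above, with the weak setting replaced by the corrected one: the option ids are passed as the 32-bit values IADsObjectOptions expects, the password change is forced over SSL with ADS_PASSWORD_ENCODE_REQUIRE_SSL instead of ADS_PASSWORD_ENCODE_CLEAR (which puts the new password on the wire unencrypted), the ADSI error is unwrapped so the HRESULT is visible, and the result is verified by binding as the user. This is an added example, not code from the post or from an ADAM sample; "adamhost", port 636 with an SSL certificate on the instance, the user DN, the administrator account and the passwords are assumptions.

```csharp
// Added example: set an ADAM user's password over SSL and verify it.
// Assumptions: ADAM on adamhost has an SSL certificate and listens on 636;
// EXAMPLE\adamadmin is a Windows account in the ADAM Administrators role.
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;

class AdamSetPassword
{
    // IADsObjectOptions option ids (ADS_OPTION_ENUM); the IDL type is a 32-bit
    // long, so these are int rather than a 64-bit C# long.
    const int ADS_OPTION_PASSWORD_PORTNUMBER = 6;
    const int ADS_OPTION_PASSWORD_METHOD = 7;
    // ADS_PASSWORD_ENCODING_ENUM
    const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;   // change only over SSL
    const int ADS_PASSWORD_ENCODE_CLEAR = 1;         // new password sent in clear

    static void SetPasswordOverSsl(string host, int sslPort, string userDn,
                                   string adminUser, string adminPassword,
                                   string newPassword)
    {
        string path = "LDAP://" + host + ":" + sslPort + "/" + userDn;
        using (DirectoryEntry user = new DirectoryEntry(path, adminUser, adminPassword,
                   AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer))
        {
            user.RefreshCache();   // performs the administrator bind
            try
            {
                user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, sslPort });
                user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_REQUIRE_SSL });
                user.Invoke("SetPassword", new object[] { newPassword });
            }
            catch (Exception ex)
            {
                // DirectoryEntry.Invoke surfaces the ADSI failure either as a
                // COMException or wrapped in a TargetInvocationException; report
                // the HRESULT (0x80020008 is DISP_E_BADVARTYPE, "Bad variable type").
                COMException com = ex as COMException;
                if (com == null && ex is TargetInvocationException)
                    com = ex.InnerException as COMException;
                if (com != null)
                    throw new ApplicationException(
                        "SetPassword failed, HRESULT 0x" + com.ErrorCode.ToString("X8"), com);
                throw;
            }
        }
    }

    // Verifies the change with a simple bind over SSL as the user.
    static bool VerifyBind(string host, int sslPort, string userDn, string password)
    {
        using (DirectoryEntry probe = new DirectoryEntry(
                   "LDAP://" + host + ":" + sslPort + "/rootDSE",
                   userDn, password, AuthenticationTypes.SecureSocketsLayer))
        {
            try { probe.RefreshCache(); return true; }
            catch (COMException) { return false; }
        }
    }

    static void Main()
    {
        // Hypothetical values; replace with your instance, user and credentials.
        string host = "adamhost";
        int sslPort = 636;
        string userDn = "CN=testuser,OU=People,O=Example,C=US";
        string newPassword = "new-password-from-secure-input";

        SetPasswordOverSsl(host, sslPort, userDn, "EXAMPLE\\adamadmin",
                           "admin-password-from-secure-input", newPassword);
        Console.WriteLine(VerifyBind(host, sslPort, userDn, newPassword)
            ? "password set and verified"
            : "password set but a bind with it failed");
    }
}
```

If the instance has no certificate yet, ADS_PASSWORD_ENCODE_CLEAR on port 389 is the only way this call can succeed, and the password then crosses the network readable to anyone on the path; treat that as a lab-only setting.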
What is the OS of the web server? If it is Windows 2000, you might have some difficulty with this, as the version of ADSI that supports changing the password port number and such is a post-SP4 hotfix.
XP SP2 and 2K3 SP1 both contain the fix and do not require a hotfix.
For the web server, the OS is W2K SP4. I am using the default port number; does this matter? Also, is it because the administrator account on the ADAM server does not have enough privileges to set/change passwords?
No, I think the problem is that when you are calling the IADsObjectOptions methods to set the password port number and encoding type, the version of ADSI on your server doesn't actually support those options, as they are too new for it.
You need to get the latest hotfix for Windows 2000 ADSI, or switch to one of the newer OS versions I mentioned, such as 2K3 SP1.
You can verify this by trying the code out on XP SP2 and seeing if it works (or at least gets further).