A local error occurred while connecting to AD in the Windows 2008 server

advertisements

There's Active directory on windows 2000 advance server, I have a web server on Windows 2008 server Enterprise Edition, the following code works fine in Winsows 2003 server but when I installed Win 2008 server, it gives me the following error, the webserver is not subdomain of the AD server. but they have the same range IP address.

A local error has occurred.

System.DirectoryServices.DirectoryServicesCOMException

I want to Authenticate Via AD from my webserver, I even test the port 389 and it was open(by telnet), I even added port 389 UDP and TCP to firewall of webserver to be sure it is open, even I turned the firewall off but nothing changed. I don't know what's wrong with Windows 2008 server that cannot run my code, I search Internet but I found nothing. any solution would be helpful. Thank you

public bool IsAuthenticated(string username, string  pwd,string group)
{
  string domainAndUsername = "LDAP://192.xx.xx.xx:389/DC=test,DC=oc,DC=com" ;
  string usr="CN=" + username + ",CN=" + group;
  DirectoryEntry entry = new DirectoryEntry(domainAndUsername, usr, pwd,
                                            AuthenticationTypes.Secure );

  try
  {
    DirectorySearcher search = new DirectorySearcher(entry);

    search.Filter = "(SAMAccountName=" + username + ")";

    SearchResult result = search.FindOne();

    if (result == null)
    {
        return false;
    }
  }
  catch (Exception ex)
  {
      return false;
  }
  return true;
}


Ok, let's try a different approach... You indicated that you're on Windows 2008 which means that you should be able to use the new System.DirectoryServices.AccountManagement-namespace introduced in .NET 3.5.

I've written a quick function that you can try out which should work better than the code you're currently using:

using System.DirectoryServices.AccountManagement;

//...

private Boolean IsAuthenticated(String username, String password, String group)
{
  PrincipalContext domain;
  try
  {
    // Connect to the domain:
    domain = new PrincipalContext(ContextType.Domain, "192.xx.xx.xx", username, password);
  }
  catch
  {
    // Unable to connect to the domain (connection error or bad username/password):
    return false;
  }

  PrincipalSearcher searcher = new PrincipalSearcher();

  // Search for the user in the domain:
  UserPrincipal findUser = new UserPrincipal(domain);
  findUser.SamAccountName = username;
  searcher.QueryFilter = findUser;
  UserPrincipal foundUser = (UserPrincipal)searcher.FindOne();

  // Search for the group in the domain:
  GroupPrincipal findGroup = new GroupPrincipal(domain);
  findGroup.SamAccountName = group;
  searcher.QueryFilter = findGroup;
  GroupPrincipal foundGroup = (GroupPrincipal)searcher.FindOne();

  if (foundGroup != null)
  {
    // Return true if group exists and the user is a member:
    return foundUser.IsMemberOf(foundGroup);
  }
  else
  {
    // Group was not found:
    return false;
  }
}

However I would recommend that you set up a service account in your domain and use that account (with a password that you know) in your application instead of connecting to the directory with the username/password of the user that you're autenticating.