Hi,

I'm currently writing some software in C# which needs to connect to an AD server and get some user details. When I connect using the code below it works against most AD servers that I connect to, but there are a couple where it fails with an error of "Logon failure: unknown user name or bad password.". The server name / credentials I'm using are definitely correct as I've tested them with an LDAP Browser, and the AD server is using standard security (port 389 etc). Can anyone offer any advice?

Cheers

Tim

using System.DirectoryServices;

// Bind to the domain with explicit credentials; the constructor itself does not connect.
DirectoryEntry d = new DirectoryEntry("LDAP://" + domain, admin_username, admin_password);

try
{
   // Touching NativeObject forces the actual LDAP bind, so this is where
   // "Logon failure: unknown user name or bad password" is raised.
   object x = d.NativeObject;
}
catch
{
   // Rethrow unchanged so the caller sees the original COMException.
   throw;
}
+3  A: 

I've had similar issues programming .net / AD in the past. One thing I found useful is using an LDAP viewer to see if I can connect to certain servers, etc. In this way, I can at least determine if it is a .NET error (perhaps my code), a credential error, etc.

I use the free/lite version of Softerra's LDAP viewer (http://www.ldapbrowser.com/download.htm) although I'm sure there are many others to choose from out there. If you try the one listed here, make sure to download the 'LDAP browser' and not 'LDAP Administrator'. The browser is the free one.

Try connecting to the same LDAP path you're having trouble with in code, using an LDAP browser/viewer. As a first step, this will at least determine whether it is a .NET/code issue or not. If you can't connect via the browser, it can be helpful to play around with the connection options, such as port, domain (FQDN), etc.

Hope this might help narrow things down.

KP
Thanks for the reply. I've actually been using Softerra's LDAP browser to help diagnose the problem but have been unable to find out what the problem is.
tt83
So you can connect using the LDAP browser, but not via code to the offending server(s)?
KP
It turned out to be a firewall problem preventing the web app from communicating with the AD server.
tt83
+1  A: 

Active Directory allows at least three different logon name styles:

  1. LDAP, i.e. an LDAP DN. For example: cn=JohnS, ou=Users, dc=example, dc=com
  2. NTLM. For example: EXAMPLE\JohnS
  3. Kerberos principal name. For example: JohnS@example.com

However, you cannot log in with just JohnS like you do on a Windows box. It's a very common mistake.

Kirill Kovalenko
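To try the three logon name styles from the answer above and tell a rejected credential apart from an unreachable server (the firewall case from the question), here is an added example in C#; it is not code from the question or either answer, and the domain controller, account and password in it are hypothetical placeholders. It binds with AuthenticationTypes.Secure (Negotiate) rather than a simple bind, so the password is not sent in clear text on port 389.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example, not code from the question or answers; server, account and password are placeholders.
class AdBindCheck
{
    // HRESULTs that ADSI raises through COMException (Win32 codes wrapped as 0x8007xxxx).
    const int ERROR_LOGON_FAILURE  = unchecked((int)0x8007052E); // unknown user name or bad password
    const int ERROR_DS_SERVER_DOWN = unchecked((int)0x8007203A); // server not operational (unreachable)

    static string TryBind(string path, string user, string password)
    {
        // AuthenticationTypes.Secure negotiates Kerberos/NTLM instead of a simple bind,
        // so the password is not sent in clear text over port 389.
        using (var entry = new DirectoryEntry(path, user, password, AuthenticationTypes.Secure))
        {
            try
            {
                object forceBind = entry.NativeObject; // the actual bind happens here; other errors propagate
                return "OK";
            }
            catch (COMException ex) when (ex.ErrorCode == ERROR_LOGON_FAILURE)
            {
                return "credentials rejected: check the logon name style or the password";
            }
            catch (COMException ex) when (ex.ErrorCode == ERROR_DS_SERVER_DOWN)
            {
                return "server not reachable: network or firewall, not credentials";
            }
        }
    }

    static void Main()
    {
        const string path = "LDAP://dc1.example.com"; // hypothetical domain controller
        const string password = "<password-placeholder>";
        // The three logon name styles from the answer; not every style is accepted by
        // every bind type, and a rejected style surfaces as ERROR_LOGON_FAILURE.
        string[] names =
        {
            "CN=JohnS,OU=Users,DC=example,DC=com", // LDAP distinguished name
            "EXAMPLE\\JohnS",                      // NTLM (down-level) name
            "JohnS@example.com"                    // Kerberos user principal name
        };
        foreach (var name in names)
            Console.WriteLine(name + " -> " + TryBind(path, name, password));
    }
}
```

Run it from the host that actually fails (the web server, not a workstation), since a firewall between that host and the DC shows up as the "server not reachable" branch rather than a logon failure.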