So here's my question. I have an ASP.NET application with form-based authentication. I have users in my database, but the users also have to be in Active Directory.
The following code is for me to check if a user is in domain A:
    using System.DirectoryServices;

    // Bind to domain A and look up the account by sAMAccountName.
    DirectoryEntry de = new DirectoryEntry();
    de.Path = "LDAP://domainA.com";
    de.AuthenticationType = AuthenticationTypes.None;
    DirectorySearcher search = new DirectorySearcher(de);
    // Note: 'account' is concatenated into the filter unescaped; escape it (RFC 4515) if it comes from user input.
    search.Filter = "(SAMAccountName=" + account + ")";
    search.PropertiesToLoad.Add("displayName");
    SearchResult result = search.FindOne();
This code works fine. The problem is that the client is requesting that domain B should also be able to connect to the application. So I created the following code:
    using System.DirectoryServices;

    // Same lookup, but pointed at domain B.
    DirectoryEntry de = new DirectoryEntry();
    de.Path = "LDAP://domainB.com";
    de.AuthenticationType = AuthenticationTypes.None;
    DirectorySearcher search = new DirectorySearcher(de);
    // Note: 'account' is concatenated into the filter unescaped; escape it (RFC 4515) if it comes from user input.
    search.Filter = "(SAMAccountName=" + account + ")";
    search.PropertiesToLoad.Add("displayName");
    SearchResult result = search.FindOne();
Since my server is in domainA, this does not work. Is there a way for me to query domainB knowing that the server is in domainA? I found an article saying a trust needs to be set up between domainA and B, but these domains shouldn't be linked. It's only for this application that they need this functionality.
P.S. I might have forgotten to explain an important detail. domainA and B are not on the same network, but domainA can ping domainB.
2 Answers
Answer 1
You will need to provide credentials that have permission to query AD on domain B.
    // Bind to domain B with an explicit account instead of the server's own identity.
    var de = new DirectoryEntry("LDAP://domainB.com", "Username", "Password");
    var search = new DirectorySearcher(de);
Answer 2
While trying samples against a foreign domain, I noticed that the foreign DC is giving the error message "The server is unavailable" when using the wrong authentication type. Please try:
    // Explicit domain B credentials with a simple bind.
    de.User = @"DOMAINB\user";
    de.Password = "YourPassword";
    de.AuthenticationType = AuthenticationTypes.None;
Of course this results in an unsecured BASIC simple bind, which removes any encryption ADSI might offer. If this works, you should try a more secure authentication type that the server accepts.
An alternative might be using the "System.DirectoryServices.Protocols" namespace, which offers a more lightweight approach for AD access. I can provide you with a sample if you want to go in this direction.
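Putting both answers together (explicit domain B credentials, and Answer 2's pointer to System.DirectoryServices.Protocols), here is an added example that is not part of the original question or answers: it binds to domainB.com with a dedicated service account using Negotiate with signing and sealing instead of an unencrypted simple bind, and escapes the account name before it is placed in the filter. The host, port, base DN and service account name are assumed placeholders.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;

// Added example (not from the original question or answers).
// Assumptions: a domain B DC is reachable as domainB.com on 389, and a
// read-only service account exists in domain B for this lookup.
static class DomainBLookup
{
    // Escape a value before embedding it in an LDAP filter (RFC 4515),
    // so a user-supplied account name cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new System.Text.StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the displayName of the account in domain B, or null if not found.
    public static string FindDisplayName(string account)
    {
        var server = new LdapDirectoryIdentifier("domainB.com", 389);   // assumed host/port
        // Service account in domain B used only for this lookup (assumed name; load the password from config).
        var cred = new NetworkCredential("svc_appLookup", "<password from config>", "DOMAINB");
        using (var conn = new LdapConnection(server, cred, AuthType.Negotiate))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.Signing = true;   // integrity protection on the wire
            conn.SessionOptions.Sealing = true;   // encryption on the wire (NTLM/Kerberos)
            conn.Bind();   // throws LdapException if the credentials or auth type are rejected

            string filter = "(sAMAccountName=" + EscapeFilterValue(account) + ")";
            var request = new SearchRequest("DC=domainB,DC=com", filter,   // assumed base DN
                                            SearchScope.Subtree, "displayName");
            var response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count == 0) return null;
            var attr = response.Entries[0].Attributes["displayName"];
            return attr == null ? null : attr[0] as string;
        }
    }
}
```

Because the bind uses explicit domain B credentials against a domain B DC, no trust between domainA and domainB is required; only network reachability of the DC on the LDAP port is needed.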