1

I just joined a company to support a web app that no one knows anything about. Everyone who might have once known is gone.

The app is using a dll (I only have the binary) which is used to get a string list of Active Directory groups that the user belongs to. The code works in production and when I run interactively in the VS2005 IDE, but does not work when I run it locally in IIS.

The code is this. It blows up on line 127:

Line 127:            userGroups = new FW.DirectoryHelper(username).getGroups();
Line 128:            List<string> roles = new List<string>();
Line 129:            List<string> groups = new List<string>();

With this error:

Error getting group information. The specified domain either does not exist or could not be contacted.

This looks like some sort of an issue with the ASPNET account not having access to Active Directory, but why is it working interactively but not under IIS? Is this because when I run interactvely I am running under my own credentials instead of the ASPNET account? Why would it run on other (eg, UAT) IIS servers including Production and not local?

Is there some local IIS configuration or fodler security configuration that I need to make to get it to work locally?

The binary is surely used elsewhere within my company; I think it is a shared IT utility that no one will support or trying to find someone who will will prove difficult.

My local IIS was configured with Windows Authentication turned on and Anonymous off. I also tried Windows Auth on and Anonymous...

Peter
  • 9,643
  • 6
  • 61
  • 108
Chad
  • 23,658
  • 51
  • 191
  • 321
  • I know it's been a while, but did any of these answers provide your solution? Or did you go some other route? – Peter Jul 23 '12 at 14:28

4 Answers4

1

Your issue is very similar to a question I answered recently, they too were using IIS 5.1.

Is it possible to retrieve data from Active Directory by impersonating a Windows authenticated user in ASP.NET?.

In my answer I provide a couple of possible solutions, what you will probably want to do is use ASP.Net impersonation.

Community
  • 1
  • 1
Peter
  • 9,643
  • 6
  • 61
  • 108
1

The code is using the windows login credentials for ldap, whichever pc is running the program. Try setting iis to anonymous access and give it an account (a dummy one perhaps) that has ldap reading rights. And in your web.config file, you're going to want to set this anonymous account like so:

<system.web>
<identity userName="DOMAIN\username" password="myPW"/>
</system.web>
Nick Rolando
  • 25,879
  • 13
  • 79
  • 119
0

Is this IIS6 or 7?

If II6 make sure the application pools Identity is set to that of a domain account.

If IIS7 make sure under Basic Settings it is set to that of a domain account.

Hope this is helpul.

xqwzid
  • 520
  • 3
  • 14
0

A quick fix is to set the identity of your local IIS to use your login credentials instead of the default system account.

rkw
  • 7,287
  • 4
  • 26
  • 39
  • Hmm. That side steps the issue but it may be good enough...My IIS is currently running under IUSR_ with a password that is hidden from me. If I try to switch back to running under this account, will I be required to supply the password? It seems unlikely to me that I should be but I thought I had an issue in the past when I tried to switch back and I am a little leary now. – Chad Jul 21 '11 at 12:38
  • When you switch the user, make sure you do it at the top most level, and let it ripple to all the child directories. This comment is only relevant if you host more than one application on your localhost – rkw Jul 21 '11 at 23:32