I spent a whole day and got nothing. I'm developing a web app that authenticates using a domain user/password. The code follows. The first half is OK; I can get the output: "the user and pass is: True."

Then, UserPrincipal.FindByIdentity throws an error, either "server sent a referer" or "unknown 0x80005000". I changed the connect parameters many times, like:

    LDAP://CN=Users,DC=sbi,DC=com
    CN=Users,DC=sbi,DC=com
    DC=sbi,DC=com

For every one of those, the first half of the code is correct: I can get my user/pass successfully authenticated. But I cannot get the userPrincipal.

I googled a lot but still got nothing. Someone please help.

    bool valid = false;
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "sbi.com", "LDAP://CN=Users,DC=sbi,DC=com"))
    {
        valid = context.ValidateCredentials(user, pass);
        System.Diagnostics.Debug.WriteLine("the user and pass is: " + valid.ToString());
    }
    //return;
    if (valid)
    {
        PrincipalContext context2 = new PrincipalContext(ContextType.Domain,
            "sbi.com", "CN=Users,DC=sbi,DC=com",
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
            user, pass);


        //System.Diagnostics.Debug.WriteLine("connected server:" + context2.ConnectedServer);

        UserPrincipal userInDomain = UserPrincipal.FindByIdentity(context2, user);
        if (userInDomain != null)
        {
            System.Diagnostics.Debug.WriteLine("user found: " + userInDomain.Name);
        }
        else
        {
            System.Diagnostics.Debug.WriteLine("user not found");
        }
    }
JimZ
  • Why do you recreate the context? It is simpler to use the first context also for FindByIdentity. I suspect that the flags (i.e. Signing, Negotiate, etc.) may be generating the error. For example, Sealing is only used with Kerberos. Check this link http://msdn.microsoft.com/en-US/library/system.directoryservices.accountmanagement.contextoptions.aspx – Max Aug 27 '13 at 09:18
  • Thank you Max, I recreate it because the method UserPrincipal.FindByIdentity needs a validated user. And it's not the problem, because even if I comment out the first part, the rest still reports the same error. I also changed the flags or did not specify them, still no luck. MSDN says that if the "container" has some error, it may report the PrincipalOperationException, which is exactly what I got. But I don't know if the "container" (sbi.com/DC=sbi,DC=com) has some error – JimZ Aug 27 '13 at 23:39

1 Answer

I just figured it out. If I don't specify the container string, it works. Maybe something is wrong with the container string.

JimZ
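The approach from the answer above (no container string), as an added example that is not part of the original post: one context is used for both the credential check and the lookup, and a helper checks a container DN against the domain's `defaultNamingContext`, since a referral is what a directory server returns for a base DN outside the naming contexts it holds. The class and method names are hypothetical, and it assumes `user` is a sAMAccountName.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class DomainLogin   // hypothetical name, not from the original post
{
    // Stated explicitly so the credential check never uses a simple (cleartext) bind.
    const ContextOptions Secure =
        ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

    // Returns the Name of the authenticated user, or null if the credentials
    // are rejected or no matching account is found.
    public static string Authenticate(string domain, string user, string pass)
    {
        // container == null: searches start at the domain's default naming
        // context, which is what "not specifying the container" means.
        using (var context = new PrincipalContext(
                   ContextType.Domain, domain, null, Secure, user, pass))
        {
            if (!context.ValidateCredentials(user, pass, Secure))
                return null;

            using (var found = UserPrincipal.FindByIdentity(
                       context, IdentityType.SamAccountName, user))
            {
                return found?.Name;
            }
        }
    }

    // True if containerDn lies inside the naming context the domain controller
    // reports in RootDSE. Plain string comparison: DN whitespace is not normalized.
    public static bool ContainerIsInDomain(string containerDn, string domain)
    {
        using (var rootDse = new DirectoryEntry("LDAP://" + domain + "/RootDSE"))
        {
            var nc = (string)rootDse.Properties["defaultNamingContext"].Value;
            return containerDn.Equals(nc, StringComparison.OrdinalIgnoreCase)
                || containerDn.EndsWith("," + nc, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

If a container is needed later to scope the search, running `ContainerIsInDomain("CN=Users,DC=sbi,DC=com", "sbi.com")` first shows whether the DN matches what the server actually hosts.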