I've seen many answers for that problem but none seem to fit mine. I'm struggling very much with AD authentication. The situation looks like this.
We have three domain controllers. We want to connect to the right one so that we don't get this exception. Situation is like that: on my local machine I'm not facing any issues, but when deploying to IIS on the server, every time I authenticate over the AD I get this error. Here is the code that I'm using. This is after several of my own corrections, checks and info from Google and Stack Overflow:
    using System;
    using System.DirectoryServices.AccountManagement;
    using System.DirectoryServices.ActiveDirectory;

    // logger is assumed to be a format-string logger (NLog-style Info(string, params object[])).
    public PrincipalContext GetPrincipalContext(string domainName, string userName, string password)
    {
        try
        {
            this.logger.Info("Connecting to LDAP");

            // Locate a domain controller with the supplied credentials. This is diagnostics only:
            // the controller found here is not the one the PrincipalContext below binds to.
            var domainContext = new DirectoryContext(DirectoryContextType.Domain, userName, password);
            var domain = Domain.GetDomain(domainContext);
            var controller = domain.FindDomainController();
            this.logger.Info("IP Address: {0}", controller.IPAddress);
            this.logger.Info("Domain: {0}", controller.Domain.Name);
            this.logger.Info("Controller name: {0}", controller.Name);
            this.logger.Info("Site name: {0}", controller.SiteName);
            this.logger.Info("Schema name: {0}", controller.Forest.Schema.Name);

            // Note: domainName, userName and password are not used here. The domain name is hard-coded,
            // and because no credentials are passed the bind runs as the calling process's identity
            // (under IIS, typically the application pool account).
            var context = new PrincipalContext(ContextType.Domain, "makler.local", "DC=makler,DC=local");
            this.logger.Info("context.ConnectedServer {0}", context.ConnectedServer);
            this.logger.Info("context.Container {0}", context.Container);
            this.logger.Info("context.ContextType {0}", context.ContextType);
            this.logger.Info("context.Options {0}", context.Options);
            this.logger.Info("context.UserName {0}", context.UserName);
            return context;
        }
        catch (Exception ex)
        {
            this.logger.Info("Could not connect to LDAP: {0}", ex.Message);
            throw new ApplicationException(string.Format("Could not connect to LDAP: {0}", ex.Message));
        }
    }
Here is where I'm getting the UserPrincipal so that I have some user info about the groups and things like that:
    // Resolves the user through the context returned by GetPrincipalContext. The overload without an
    // IdentityType lets the framework try several identity attributes (SAM name, UPN, SID, ...) in turn.
    public UserPrincipal GetUserPrincipal(PrincipalContext principalContext, string userName)
    {
        try
        {
            this.logger.Info("Getting user principal, connected server {0}", principalContext.ConnectedServer);
            return UserPrincipal.FindByIdentity(principalContext, userName);
        }
        catch (Exception ex)
        {
            this.logger.Info("GetUserPrincipal exception {0}", ex.Message);
            throw new ApplicationException(string.Format("GetUserPrincipal exception {0}", ex.Message));
        }
    }
When I look through the log paths, it seems that this problem is coming not from the PrincipalContext but from the UserPrincipal. There are a lot of things which I don't know about AD, but here is what I've tried:
- Passing an IP address as parameter
- Passing a domain name like you see in the code
- I've tried also passing the IP address of the domain controller which I get in fact from the controller variable.
Nothing seemed to work. As I mentioned we have three domains, alfa, beta, gamma let's say. No matter what I try, I'm always getting the exception that it's trying to connect to alfa. Any ideas? Sorry for the long question, but I've tried to be as specific as I can. I can tell you also that the problem disappears when administrators add this alfa controller to the firewall, but this is not nice. We are depending on the fact that this controller will always live, but what to do when it dies? I would like to have my application, let's say, bulletproof in that moment :)
PS. I would not want to use the DirectoryEntry approach, because it's painful as I have to know all the query things etc. If this would be the only way, then I would appreciate some simple tutorial about that, maybe explaining this step by step.
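The following is an added example, not code from the question above. It shows the pattern the question is circling around: when PrincipalContext is given a domain name ("makler.local"), the framework locates a controller for you, so the application has no say in which server the bind (and therefore the firewall rule) lands on. Giving it a controller's host name together with ContextOptions.ServerBind pins the bind to that host, and trying the controllers in order gives the fallback the question asks for when one of them dies. The class name PinnedPrincipalContextFactory, the dedicated service account and the "dc1.makler.local" host name in the comments are assumptions; Signing and Sealing are added so the LDAP session is integrity-protected and encrypted rather than sent in the clear.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.ActiveDirectory;

// Hypothetical helper (not from the question): builds a PrincipalContext that is pinned to one
// explicitly chosen domain controller and falls back to the next controller when that one is down.
public sealed class PinnedPrincipalContextFactory
{
    private readonly string domainName;      // DNS domain name, e.g. "makler.local"
    private readonly string container;       // search base, e.g. "DC=makler,DC=local"
    private readonly string serviceUser;     // dedicated low-privilege lookup account (assumption)
    private readonly string servicePassword;

    public PinnedPrincipalContextFactory(string domainName, string container,
                                         string serviceUser, string servicePassword)
    {
        this.domainName = domainName;
        this.container = container;
        this.serviceUser = serviceUser;
        this.servicePassword = servicePassword;
    }

    // Enumerate every controller registered for the domain, so the application is not tied to
    // whichever one the DC locator happens to pick for the web server's site.
    public List<string> ListDomainControllers()
    {
        var names = new List<string>();
        var dirContext = new DirectoryContext(DirectoryContextType.Domain, domainName,
                                              serviceUser, servicePassword);
        using (Domain domain = Domain.GetDomain(dirContext))
        {
            foreach (DomainController dc in domain.DomainControllers)
            {
                names.Add(dc.Name);   // fully qualified host name, e.g. "dc1.makler.local" (assumed)
            }
        }
        return names;
    }

    // Try the candidates in the given order (put the controllers the firewall allows first)
    // and return the first context that actually binds.
    public PrincipalContext Open(IEnumerable<string> candidateServers)
    {
        var failures = new List<string>();
        foreach (string server in candidateServers)
        {
            PrincipalContext ctx = null;
            try
            {
                // ServerBind: bind to exactly this host instead of running the DC locator again.
                // Signing | Sealing: integrity-protect and encrypt the LDAP session.
                ctx = new PrincipalContext(ContextType.Domain, server, container,
                    ContextOptions.Negotiate | ContextOptions.Signing |
                    ContextOptions.Sealing | ContextOptions.ServerBind,
                    serviceUser, servicePassword);

                // Reading ConnectedServer forces the bind if it has not happened yet, so a dead
                // controller fails here instead of later inside FindByIdentity.
                string bound = ctx.ConnectedServer;
                return ctx;
            }
            catch (PrincipalServerDownException ex)
            {
                failures.Add(server + ": " + ex.Message);
                if (ctx != null) ctx.Dispose();
                // Any other exception (e.g. wrong service credentials) is not a "try the next
                // controller" situation and is deliberately left to propagate.
            }
        }
        throw new ApplicationException("No domain controller reachable: " + string.Join("; ", failures));
    }

    // Look the user up by an explicit identity type; the overload without IdentityType
    // probes several attributes in turn.
    public static UserPrincipal FindUser(PrincipalContext ctx, string samAccountName)
    {
        return UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName);
    }

    // Check an end user's password against the pinned controller with the same protected options.
    public static bool ValidateUser(PrincipalContext ctx, string userName, string password)
    {
        return ctx.ValidateCredentials(userName, password,
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
    }
}
```

Usage: call ListDomainControllers() once, order the list so that the controllers reachable from the web server come first, and pass it to Open(); dispose the returned context when the request is done. Pass the controllers' DNS host names rather than IP addresses: Negotiate can only obtain a Kerberos ticket for a host name, and with an IP it falls back to NTLM, which may be disabled on the controllers.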