“The specified domain either does not exist or could not be contacted”
-
05-07-2019 - |
Question
I'm trying to use Integrated Windows Authentication combined with a DirectorySearcher to identify and authenticate the intranet user.
I'd managed to get some fairly simple code that seemed to do the trick, but when I tried on the live server I get the following error:
"The specified domain either does not exist or could not be contacted"
I can't debug the app on the live server so I copied it across to an old development server to test there. When I ran the app normally, it came up with the same error, so the I tried debugging in VS.... except it worked perfectly.
I suspect it's something to do with impersonation or to do with the LDAP call - obviously when it works for the debugger it's hard to be sure what the real problem is.
But I figured one of you guys will be able to point me in the right direction.
Snippets from my authentication class:
Private Function GetUserID() As String
Dim sID As String = HttpContext.Current.User.Identity.Name
Return Mid(sID, InStr(sID, "\") + 1)
End Function
Private Function GetDisplayName() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sName As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("displayName")
oResult = .FindOne()
If Not oResult Is Nothing Then
sName = oResult.Properties("displayName")(0).ToString()
End If
End With
Return sName
End Function
Private Function GetEmail() As String
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim sEmail As String = String.Empty
With oSearcher
.Filter = String.Format("(SAMAccountName={0})", _UserID)
.PropertiesToLoad.Add("mail")
oResult = .FindOne()
If Not oResult Is Nothing Then
sEmail = oResult.Properties("mail")(0).ToString()
End If
End With
Return sEmail
End Function
Private Function GetGroups() As StringCollection
Dim oSearcher As New DirectorySearcher
Dim oResult As SearchResult
Dim colGroups As New StringCollection
Dim i As Int16
With oSearcher
.Filter = String.Format("(cn=" & _UserName & ")", _UserID)
.PropertiesToLoad.Add("memberOf")
oResult = .FindOne()
If Not oResult Is Nothing Then
Dim iGroupCount As Int16 = oResult.Properties("memberOf").Count
For i = 0 To iGroupCount - 1
colGroups.Add(oResult.Properties("memberOf")(i).ToString())
Next
End If
End With
Return colGroups
End Function
Solution
I've found it much easier to use the System.DirectoryServices.AccountManagement namespace for this kind of thing, in your case the UserPrincipal class is your friend.
Private Function GetEmail() As String
Dim pc As PrincipalContext = new PrincipalContext(ContextType.Domain)
Dim wi As WindowsIdentity = HttpContext.Current.User.Identity
Dim up As UserPrincipal = UserPrincipal.FindByIdentity(pc, wi.Name)
Return up.EmailAddress
End Function
OTHER TIPS
I once had the same problem and I figured out that the cause of error was the way the url was written.
When using AD and ADSI ensure you are using "UPPER CASE" paths. As I can see from your code you are writing "cn" as lower case. [GetGroups function]
Another way I would try is to ensure that you are making a proper use of the "connectionstring" you are using.
LDAP://CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
becomes
LDAP://orgname.ad.root/CN=" + username + ",OU=" + OU + ",OU=myOU,DC=myDC1,DC=myDC2";
where "orgname" it's the server name where AD is running on.
Hope this helps.
Here is another way of achieving the same functionality:
string fullPath = "LDAP://abc.xyz.com/DC=xyz, DC=com";
AuthenticationTypes authType = AuthenticationTypes.None;
DirectoryEntry verifiedUser = new DirectoryEntry(fullPath, txtUserName.Text.Trim(), txtPassword.Text.Trim(), authType);
verifiedUser.RefreshCache();
isAuthorisedUser = true;
This worked for me.