Hey all,
I am creating a Login Page with Change Password functionality (ASP.NET w/ VB.NET code).
The users that I'm trying to change are located in a subdomain. (ex: subdomain.domain.com)
I cannot seem to authenticate any user in a subdomain.
When I use an application like Softerra's LDAP browser, it loads up the top level tree of the domain, and then after about 30 seconds the subdomain's DC is loaded with the appropriate users.
What I've done is piece together each part of the LDAP process programmatically:
- I obtain a list of all the domains, and then check each domain for the user matching what I have typed in for a login.
- If found, it returns the DN for the user, and then checks if a DirectoryEntry exists with that path.
- If it does, I then pass in the username and password to the domain in question.
The application tends to crap out whenever I try to authenticate any user in the subdomain, with this as the InnerException message: "8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece"
Any ideas would be helpful.
In my Application I am doing the following:
Code:
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

Protected Sub btnAuthenticate_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lbtnGoTime.Click
    Try
        Dim arrDomains As New ArrayList
        Dim DomainUsed As String = String.Empty
        Dim arrUsers As New ArrayList
        Dim blnExists As Boolean = False
        Dim blnAuthenticated As Boolean = False
        'Populate the Domains into an Array List.
        arrDomains = EnumerateDomains()
        'Check each domain for the username entered above; stop at the first domain that holds it.
        For counter As Integer = 0 To arrDomains.Count - 1
            arrUsers = GetAllADDomainUsers(arrDomains.Item(counter).ToString, txtUserName.Text.Trim())
            If arrUsers.Count > 0 Then
                DomainUsed = arrDomains.Item(counter).ToString
                Exit For
            End If
        Next
        'Check to see if each user in the Arraylist exists in LDAP.
        '(blnExists stays True once any DN resolves; previously only the last result was kept.)
        For usercounter As Integer = 0 To arrUsers.Count - 1
            If DoesItExist(arrUsers.Item(usercounter).ToString) Then blnExists = True
        Next
        'If the user exists in the system, try to authenticate
        If blnExists Then
            blnAuthenticated = Authenticate(txtUserName.Text.Trim(), txtPassword.Text.Trim(), DomainUsed)
            If blnAuthenticated Then
                lblGoResult.Text = "User Authenticated."
            Else
                lblGoResult.Text = "User Failed Authentication."
            End If
        Else
            lblGoResult.Text = "User not found."
        End If
    Catch ex As Exception
        'Rethrow unchanged so the stack trace and any InnerException survive
        '(Throw New Exception(ex.Message) discards both).
        Throw
    End Try
End Sub
The functions for each step are as follows:
Code:
Public Function EnumerateDomains() As ArrayList
    Try
        Dim alDomains As New ArrayList()
        'Every domain in the forest the web server belongs to, as a serverless LDAP path.
        Dim currentForest As Forest = Forest.GetCurrentForest()
        Dim myDomains As DomainCollection = currentForest.Domains
        For Each objDomain As Domain In myDomains
            alDomains.Add("LDAP://" & objDomain.Name & ":389")
        Next
        Return alDomains
    Catch ex As Exception
        Throw
    End Try
End Function

Public Function GetAllADDomainUsers(ByVal myPath As String, ByVal username As String) As ArrayList
    Try
        Dim allUsers As New ArrayList()
        'Escape the RFC 4515 filter metacharacters so the typed login name cannot alter the filter.
        Dim safeName As String = username.Replace("\", "\5c").Replace("*", "\2a") _
                                         .Replace("(", "\28").Replace(")", "\29").Replace(vbNullChar, "\00")
        'The search runs as the process identity, not as the user being verified.
        Using searchRoot As New DirectoryEntry(myPath)
            Using search As New DirectorySearcher(searchRoot)
                search.Filter = "(sAMAccountName=" & safeName & ")"
                search.PropertiesToLoad.Add("distinguishedName")
                Using resultCol As SearchResultCollection = search.FindAll()
                    For Each result As SearchResult In resultCol
                        If result.Properties.Contains("distinguishedName") Then
                            allUsers.Add(DirectCast(result.Properties("distinguishedName")(0), String))
                        End If
                    Next
                End Using
            End Using
        End Using
        Return allUsers
    Catch ex As Exception
        Throw
    End Try
End Function

' This method does not need you to know the distinguishedName,
' you can concat strings or even guess a location and it will
' still run (and return false if not found).
Public Function DoesItExist(ByVal objectPath As String) As Boolean
    Try
        Dim found As Boolean = False
        If DirectoryEntry.Exists("LDAP://" & objectPath) Then
            found = True
        End If
        Return found
    Catch ex As Exception
        Throw
    End Try
End Function

Public Function Authenticate(ByVal userName As String, ByVal password As String, ByVal domain As String) As Boolean
    Dim authentic As Boolean = False
    Try
        'Bind with the supplied credentials; touching NativeObject forces the bind to happen.
        Using entry As New DirectoryEntry(domain, userName, password, AuthenticationTypes.Secure)
            Dim nativeObject As Object = entry.NativeObject
            authentic = True
        End Using
    Catch ex As DirectoryServicesCOMException
        'Bind rejected. ex.ExtendedErrorMessage carries the DC's "8009030C ... data NNN" text if you want to log it.
        authentic = False
    End Try
    Return authentic
End Function
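As an added example (not the poster's code), here is the same lookup-then-bind done with the search filter escaped, the bind aimed at a DC of the domain that actually holds the account, the account named with its implicit UPN (login@dnsdomain) so the DC is not left to guess which domain a bare login belongs to, and the DC's extended error text captured instead of swallowed. It assumes the ASP.NET process identity can search each forest domain and that the DC name returned by `FindDomainController` resolves from the web server.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

Public Class CrossDomainLogin

    ' Escape RFC 4515 filter metacharacters so the typed login cannot change the filter.
    Private Shared Function EscapeFilterValue(ByVal value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28") _
                    .Replace(")", "\29").Replace(vbNullChar, "\00")
    End Function

    ' Find the account in each forest domain (searching as the process identity),
    ' then bind as login@<that domain> against a DC of that same domain.
    ' On failure, diagnostic carries the DC's extended error text, e.g. the
    ' "8009030C ... data NNN" string quoted in the post.
    Public Shared Function TryAuthenticate(ByVal login As String, ByVal password As String, _
                                           ByRef diagnostic As String) As Boolean
        diagnostic = "account not found in any forest domain"
        Dim filter As String = "(&(objectCategory=person)(sAMAccountName=" & _
                               EscapeFilterValue(login) & "))"
        For Each dom As Domain In Forest.GetCurrentForest().Domains
            ' Target a DC of this domain explicitly instead of a serverless bind.
            Dim dc As String = dom.FindDomainController().Name
            Using root As New DirectoryEntry("LDAP://" & dc)
                Using searcher As New DirectorySearcher(root, filter)
                    If searcher.FindOne() Is Nothing Then Continue For
                End Using
            End Using
            Try
                ' Implicit UPN (sAMAccountName@DNSdomain) tells the DC which domain to check.
                Using bound As New DirectoryEntry("LDAP://" & dc, login & "@" & dom.Name, _
                                                  password, AuthenticationTypes.Secure)
                    Dim forceBind As Object = bound.NativeObject ' triggers the bind
                End Using
                diagnostic = String.Empty
                Return True
            Catch ex As DirectoryServicesCOMException
                diagnostic = ex.ExtendedErrorMessage
                Return False
            End Try
        Next
        Return False
    End Function

End Class
```

Log `diagnostic` server-side only; the "data" code in it distinguishes a bad password from a disabled, locked or expired account, which is useful for troubleshooting but should not be echoed back to the login page.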