Hello
I am using the System.Director yServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Exception: The authentication mechanism is unknown
Stack Trace: at System.Director yServices.Direc toryEntry.Bind( Boolean throwIfFail)
at System.Director yServices.Direc toryEntry.Bind( )
at System.Director yServices.Direc toryEntry.get_A dsObject()
at System.Director yServices.Direc torySearcher.Fi ndAll(Boolean findMoreThanOne )
at System.Director yServices.Direc torySearcher.Fi ndOne()
at Sandbox.WebForm 1.cmdLogin_Clic k(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write(" Connecting to {0}:{1}@{2}", txtUsername.Tex t, txtPassword.Tex t, txtUri.Text);
DirectoryEntry entry;
Console.WriteLi ne(" with authentication type '{0}'", ddlAuthenticati onType.Selected Item.Value);
AuthenticationT ypes authTypeValue = new AuthenticationT ypes();
try
{
authTypeValue = (Authentication Types) Enum.Parse( typeof(Authenti cationTypes), ddlAuthenticati onType.Selected Item.Value,true );
}
catch(Exception ex)
{
Console.WriteLi ne("There was an exception when configuring AuthenticationT ypes. Message: {0}", ex.Message);
Console.WriteLi ne("Available AuthenticationT ypes:");
foreach( string enumName in Enum.GetNames( typeof(Authenti cationTypes) ) )
{
Console.WriteLi ne(" {0}", enumName);
}
Environment.Exi t(2);
}
entry = new DirectoryEntry( txtUri.Text, txtUsername.Tex t, txtPassword.Tex t, authTypeValue);
Console.WriteLi ne("Authenticat ion Type = {0}", entry.Authentic ationType.ToStr ing() );
Console.WriteLi ne("Type = {0}", entry.Authentic ationType.GetTy pe().Name);
// Set up the LDAP search filter
DirectorySearch er searcher = new DirectorySearch er( entry );
searcher.Filter = "(samaccountnam e=" + txtLookup.Text + ")";
Console.WriteLi ne("Setting LDAP Search Filter to {0}", searcher.Filter );
// Find the first occurance for the search filter
Console.WriteLi ne("Executing search.FindOne( )...");
SearchResult result = searcher.FindOn e();
Console.WriteLi ne("Search was successful.");
if (result != null)
{
Console.WriteLi ne("Search found an entry.");
// Store the employee id
Console.WriteLi ne("Looking up employeeid");
ResultPropertyV alueCollection propVals = result.Properti es["employeeid "];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLi ne("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLi ne("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLi ne("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLi ne("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLi ne("Exception: " + ex.Message );
Console.WriteLi ne("Stack Trace: " + ex.StackTrace);
}
END
3  3652 
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdeve lopments.com> wrote in message news:OD******** ******@TK2MSFTN GP12.phx.gbl...
Hello
I am using the System.Director yServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Exception: The authentication mechanism is unknown
Stack Trace: at System.Director yServices.Direc toryEntry.Bind( Boolean throwIfFail)
at System.Director yServices.Direc toryEntry.Bind( )
at System.Director yServices.Direc toryEntry.get_A dsObject()
at System.Director yServices.Direc torySearcher.Fi ndAll(Boolean findMoreThanOne )
at System.Director yServices.Direc torySearcher.Fi ndOne()
at Sandbox.WebForm 1.cmdLogin_Clic k(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write(" Connecting to {0}:{1}@{2}", txtUsername.Tex t, txtPassword.Tex t, txtUri.Text);
DirectoryEntry entry;
Console.WriteLi ne(" with authentication type '{0}'", ddlAuthenticati onType.Selected Item.Value);
AuthenticationT ypes authTypeValue = new AuthenticationT ypes();
try
{
authTypeValue = (Authentication Types) Enum.Parse( typeof(Authenti cationTypes), ddlAuthenticati onType.Selected Item.Value,true );
}
catch(Exception ex)
{
Console.WriteLi ne("There was an exception when configuring AuthenticationT ypes. Message: {0}", ex.Message);
Console.WriteLi ne("Available AuthenticationT ypes:");
foreach( string enumName in Enum.GetNames( typeof(Authenti cationTypes) ) )
{
Console.WriteLi ne(" {0}", enumName);
}
Environment.Exi t(2);
}
entry = new DirectoryEntry( txtUri.Text, txtUsername.Tex t, txtPassword.Tex t, authTypeValue);
Console.WriteLi ne("Authenticat ion Type = {0}", entry.Authentic ationType.ToStr ing() );
Console.WriteLi ne("Type = {0}", entry.Authentic ationType.GetTy pe().Name);
// Set up the LDAP search filter
DirectorySearch er searcher = new DirectorySearch er( entry );
searcher.Filter = "(samaccountnam e=" + txtLookup.Text + ")";
Console.WriteLi ne("Setting LDAP Search Filter to {0}", searcher.Filter );
// Find the first occurance for the search filter
Console.WriteLi ne("Executing search.FindOne( )...");
SearchResult result = searcher.FindOn e();
Console.WriteLi ne("Search was successful.");
if (result != null)
{
Console.WriteLi ne("Search found an entry.");
// Store the employee id
Console.WriteLi ne("Looking up employeeid");
ResultPropertyV alueCollection propVals = result.Properti es["employeeid "];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLi ne("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLi ne("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLi ne("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLi ne("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLi ne("Exception: " + ex.Message );
Console.WriteLi ne("Stack Trace: " + ex.StackTrace);
}
END
Yes it is
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:OD******** ******@TK2MSFTN GP09.phx.gbl...
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdeve lopments.com> wrote in message
news:OD******** ******@TK2MSFTN GP12.phx.gbl...
Hello
I am using the System.Director yServices namespace classes to access Active
Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a
particular box in our production environment. When we try to connect and do
a search, we get a "The authentication mechanism is unknown" error. I have
searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and
found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the
same code we used in our application, but allowing us to have logging and
see the stack trace. We ran this as a console application, then as a ASP.NET
application, with the same result (it works, and defaults to the Secure
authentication type - except it breaks on the production box!). Trying other
authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@L DAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationT ypes
Setting LDAP Search Filter to (samaccountname =mgsmith)
Executing search.FindOne( )...
Exception: The authentication mechanism is unknown
Stack Trace: at System.Director yServices.Direc toryEntry.Bind( Boolean
throwIfFail)
at System.Director yServices.Direc toryEntry.Bind( )
at System.Director yServices.Direc toryEntry.get_A dsObject()
at System.Director yServices.Direc torySearcher.Fi ndAll(Boolean
findMoreThanOne )
at System.Director yServices.Direc torySearcher.Fi ndOne()
at Sandbox.WebForm 1.cmdLogin_Clic k(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write(" Connecting to {0}:{1}@{2}", txtUsername.Tex t,
txtPassword.Tex t, txtUri.Text);
DirectoryEntry entry;
Console.WriteLi ne(" with authentication type '{0}'",
ddlAuthenticati onType.Selected Item.Value);
AuthenticationT ypes authTypeValue = new AuthenticationT ypes();
try
{
authTypeValue = (Authentication Types) Enum.Parse(
typeof(Authenti cationTypes), ddlAuthenticati onType.Selected Item.Value,true );
}
catch(Exception ex)
{
Console.WriteLi ne("There was an exception when configuring
AuthenticationT ypes. Message: {0}", ex.Message);
Console.WriteLi ne("Available AuthenticationT ypes:");
foreach( string enumName in Enum.GetNames(
typeof(Authenti cationTypes) ) )
{
Console.WriteLi ne(" {0}", enumName);
}
Environment.Exi t(2);
}
entry = new DirectoryEntry( txtUri.Text, txtUsername.Tex t,
txtPassword.Tex t, authTypeValue);
Console.WriteLi ne("Authenticat ion Type = {0}",
entry.Authentic ationType.ToStr ing() );
Console.WriteLi ne("Type = {0}",
entry.Authentic ationType.GetTy pe().Name);
// Set up the LDAP search filter
DirectorySearch er searcher = new DirectorySearch er( entry );
searcher.Filter = "(samaccountnam e=" + txtLookup.Text + ")";
Console.WriteLi ne("Setting LDAP Search Filter to {0}", searcher.Filter );
// Find the first occurance for the search filter
Console.WriteLi ne("Executing search.FindOne( )...");
SearchResult result = searcher.FindOn e();
Console.WriteLi ne("Search was successful.");
if (result != null)
{
Console.WriteLi ne("Search found an entry.");
// Store the employee id
Console.WriteLi ne("Looking up employeeid");
ResultPropertyV alueCollection propVals =
result.Properti es["employeeid "];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLi ne("Couldn't find employee ID in directory
entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLi ne("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLi ne("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLi ne("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLi ne("Exception: " + ex.Message );
Console.WriteLi ne("Stack Trace: " + ex.StackTrace);
}
END
>Yes it is
I'd recommend
a) to check out the microsoft.publi c.adsi.general newsgroup - lots of
AD cracks there
b) Look into ASP.NET issues - things like what context does the app
run under etc.
c) Check out the Directory Services + ADSI Yahoo! group - again, lots
of AD and ASP.NET cracks there http://groups.yahoo.com/group/ADSIANDDirectoryServices/
d) LEARN hot to post in PURE text (*NOT* HTML) and LIMIT QUOTING when
answeing..... (just to answer "yes it is", you don't need to repeat
300 lines of other text........)
Thanks!
Marc
=============== =============== =============== =============== ====
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)i nova.ch This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: David Moore |
last post by:
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this...
|
by: huzz |
last post by:
I have web application that quaries the Active Directory to get user
details.. everything works fine but someday I'll get
System.Runtime.InteropServices.COMExection and if I restart the client
machine then it works again.
here is one of the method where am calling the AD
public bool UserExist(string UserName)
{
|
by: - Steve - |
last post by:
I have forms based authentication working, using my Active Directory for
authentication.
I have a web page that creates a user in active directory. When I was using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run
as the user that logged in with the forms based authentication?
--
|
by: Andrew |
last post by:
Hey all,
Working on revamping our Intranet here and making use of the LDPA, Active
Directory, Directory Services, etc. that .Net provides. I am still fairly
new on this subject, so the problem I have run into I am not sure how to
fix, and really not sure what is causing it.
Here's what is going on (test server - Windows 2003 Server):
I have a page in a folder (under anonymous authentication in IIS6) that has
a link on it that...
|
by: Benny Ng |
last post by:
Hi,all,
How to let the sub-directory to avoid the authentication control from Root's
webconfig?
I heard that we can add a new web.config to the sub-directory. And then we
can slove the problem.
Virtual directory is £ºhttp://localhost/main
Sub-directory is : http://localhost/main/reminder
| | |
by: varkey.mathew |
last post by:
Dear all,
Bear with me, a poor newbie(atleast in AD)..
I have to authenticate a user ID and password for a user as a valid
Active Directory user or not. I have created the IsAuthenticated
function exactly as outlined in the below link.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp
|
by: P Webster |
last post by:
We recently moved a web site that validated user credentials in Active
Directory from IIS 5.1 to IIS 6, and the validation code no longer works.
The web.config file is set to Windows authentication because all we do is
verify the user on the login form so we can redirect them to the appropriate
page based on their group.
The code to authenticate is:
Public Function IsAuthenticated(ByVal domain As String, ByVal username As
String, ByVal...
|
by: Arthur |
last post by:
Hi All,
I would like to get the name of the user given their networkID, is this
something Active Directory would be useful for?(For intranet users)
If so, can you please point me to some sample code/examples?
Thanks in advance,
Arthur
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found dozens of
examples of how to authenticate users against Active Directory, but AD
seems to be a different animal than Sun Java System Directory Server.
Could someone provide me with an example of how to authenticate a user
against a Directory...
|
by: rogerjames1 |
last post by:
How would I go about protecting a whole directory, e.g.
http://www.example.com/members/ and all sub-directories with login
protection? I wouldn't like to put a .php script in each directory and
I'd like to protect all file-types
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
