Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
3  3605 
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdevelopments.com> wrote in message news:OD**************@TK2MSFTNGP12.phx.gbl...
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
Yes it is
"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:OD**************@TK2MSFTNGP09.phx.gbl...
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdevelopments.com> wrote in message
news:OD**************@TK2MSFTNGP12.phx.gbl...
Hello
I am using the System.DirectoryServices namespace classes to access Active
Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a
particular box in our production environment. When we try to connect and do
a search, we get a "The authentication mechanism is unknown" error. I have
searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and
found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the
same code we used in our application, but allowing us to have logging and
see the stack trace. We ran this as a console application, then as a ASP.NET
application, with the same result (it works, and defaults to the Secure
authentication type - except it breaks on the production box!). Trying other
authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an
throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean
findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text,
txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'",
ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse(
typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring
AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames(
typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text,
txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}",
entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}",
entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals =
result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory
entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
>Yes it is
I'd recommend
a) to check out the microsoft.public.adsi.general newsgroup - lots of
AD cracks there
b) Look into ASP.NET issues - things like what context does the app
run under etc.
c) Check out the Directory Services + ADSI Yahoo! group - again, lots
of AD and ASP.NET cracks there http://groups.yahoo.com/group/ADSIANDDirectoryServices/
d) LEARN hot to post in PURE text (*NOT* HTML) and LIMIT QUOTING when
answeing..... (just to answer "yes it is", you don't need to repeat
300 lines of other text........)
Thanks!
Marc
================================================== ==============
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: David Moore |
last post by:
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but...
|
by: huzz |
last post by:
I have web application that quaries the Active Directory to get user
details.. everything works fine but someday I'll get
System.Runtime.InteropServices.COMExection and if I restart the client...
|
by: - Steve - |
last post by:
I have forms based authentication working, using my Active Directory for
authentication.
I have a web page that creates a user in active directory. When I was using
IIS authentication it worked...
|
by: Andrew |
last post by:
Hey all,
Working on revamping our Intranet here and making use of the LDPA, Active
Directory, Directory Services, etc. that .Net provides. I am still fairly
new on this subject, so the problem...
|
by: Benny Ng |
last post by:
Hi,all,
How to let the sub-directory to avoid the authentication control from Root's
webconfig?
I heard that we can add a new web.config to the sub-directory. And then we
can slove the problem....
|
by: varkey.mathew |
last post by:
Dear all,
Bear with me, a poor newbie(atleast in AD)..
I have to authenticate a user ID and password for a user as a valid
Active Directory user or not. I have created the IsAuthenticated...
|
by: P Webster |
last post by:
We recently moved a web site that validated user credentials in Active
Directory from IIS 5.1 to IIS 6, and the validation code no longer works.
The web.config file is set to Windows authentication...
|
by: Arthur |
last post by:
Hi All,
I would like to get the name of the user given their networkID, is this
something Active Directory would be useful for?(For intranet users)
If so, can you please point me to some sample...
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found...
|
by: rogerjames1 |
last post by:
How would I go about protecting a whole directory, e.g.
http://www.example.com/members/ and all sub-directories with login
protection? I wouldn't like to put a .php script in each directory and...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
