Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
3  3608 
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdevelopments.com> wrote in message news:OD**************@TK2MSFTNGP12.phx.gbl...
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
Yes it is
"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:OD**************@TK2MSFTNGP09.phx.gbl...
Is the production server a domain member of the AD domain?
Willy.
"David Moore" <da***@realdevelopments.com> wrote in message
news:OD**************@TK2MSFTNGP12.phx.gbl...
Hello
I am using the System.DirectoryServices namespace classes to access Active
Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but doesn't work on a
particular box in our production environment. When we try to connect and do
a search, we get a "The authentication mechanism is unknown" error. I have
searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and
found this error, but noone can offer an explanation or a solution.
We put together a simple application to help us debug the problem, using the
same code we used in our application, but allowing us to have logging and
see the stack trace. We ran this as a console application, then as a ASP.NET
application, with the same result (it works, and defaults to the Secure
authentication type - except it breaks on the production box!). Trying other
authentication types doesn't help either.
Here is a successful output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457
Here is the problematic output:
Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boole an
throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean
findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)
Any help is much appreciated.
Cheers
Here is our test code:
try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text,
txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'",
ddlAuthenticationType.SelectedItem.Value);
AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse(
typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring
AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames(
typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text,
txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}",
entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}",
entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);
// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals =
result.Properties["employeeid"];
// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory
entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}
END
>Yes it is
I'd recommend
a) to check out the microsoft.public.adsi.general newsgroup - lots of
AD cracks there
b) Look into ASP.NET issues - things like what context does the app
run under etc.
c) Check out the Directory Services + ADSI Yahoo! group - again, lots
of AD and ASP.NET cracks there http://groups.yahoo.com/group/ADSIANDDirectoryServices/
d) LEARN hot to post in PURE text (*NOT* HTML) and LIMIT QUOTING when
answeing..... (just to answer "yes it is", you don't need to repeat
300 lines of other text........)
Thanks!
Marc
================================================== ==============
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: David Moore |
last post by:
Hello
I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.
The code works on local dev boxes, and in staging, but...
|
by: huzz |
last post by:
I have web application that quaries the Active Directory to get user
details.. everything works fine but someday I'll get
System.Runtime.InteropServices.COMExection and if I restart the client...
|
by: - Steve - |
last post by:
I have forms based authentication working, using my Active Directory for
authentication.
I have a web page that creates a user in active directory. When I was using
IIS authentication it worked...
|
by: Andrew |
last post by:
Hey all,
Working on revamping our Intranet here and making use of the LDPA, Active
Directory, Directory Services, etc. that .Net provides. I am still fairly
new on this subject, so the problem...
|
by: Benny Ng |
last post by:
Hi,all,
How to let the sub-directory to avoid the authentication control from Root's
webconfig?
I heard that we can add a new web.config to the sub-directory. And then we
can slove the problem....
|
by: varkey.mathew |
last post by:
Dear all,
Bear with me, a poor newbie(atleast in AD)..
I have to authenticate a user ID and password for a user as a valid
Active Directory user or not. I have created the IsAuthenticated...
|
by: P Webster |
last post by:
We recently moved a web site that validated user credentials in Active
Directory from IIS 5.1 to IIS 6, and the validation code no longer works.
The web.config file is set to Windows authentication...
|
by: Arthur |
last post by:
Hi All,
I would like to get the name of the user given their networkID, is this
something Active Directory would be useful for?(For intranet users)
If so, can you please point me to some sample...
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found...
|
by: rogerjames1 |
last post by:
How would I go about protecting a whole directory, e.g.
http://www.example.com/members/ and all sub-directories with login
protection? I wouldn't like to put a .php script in each directory and...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
