I am trying to search Active Direcoty to pull user information. I have a correct LDAP string assigned but i get the following error: System.DirectoryServices.DirectoryServicesCOMExcep tion (0x8007052E): Logon failure: unknown user name or bad password.

I am trying to get user details just passing user name. I am not sure if password is required as well because when i try to search users in different AD server, i can pull out the user details just passing the username. any help?

thanks

That usually means the account running the code does not have authority to query Active Directory. You'll have to tell us something about your scenario, is it web based, desktop based etc?

--

Joe (Microsoft MVP - XML)

this is a web-based application. what happens is if i just pass the user name, i can just get all the info for the user. now, i try to validate by passing both username and password, then it throws the error. and i know that the password is correct.

any idea?

I think you maybe passing the wrong credentials, the app needs the account running the code to have permission to extract the data, or a legitimate set of credentials otherwise. The password of the actual user being searched is irrelevant. Can you show a simplified version of the code you are using and also state which account the web server is running under?

--

Joe (Microsoft MVP - XML)

You have a couple of choices here but, as joe said, it would be much easier for us to help you if we could see your code.

First off, a good explination of what you want to do can be found in chapter 12 of: Professional ASP.NET 2.0 Security, Membership, and Role Management ( http://www.wrox.com/WileyCDA/WroxTit...764596985.html ) as chapter 12 covers the ActiveDirectoryMembershipProvider at great length and how to query AD using that provider.

Alternatively you can read that book at http://wrox.books24x7.com (and alot of the other Wrox publications for that matter) and it only costs $49.99 per 3 months. ^^

In any event, without seeing yoru code, you have a couple of ways to solve this.

First, you could setup Integrated Windows Authentication for your web directory but, by doing this, you make at least 1 assumption: That the windows account accessing the resource has the necessary rights to query Active Directory.

Secondly, you could use impersonation through your web.config so that the your application runs as X Domain Account that has the rights to query Active Directory.

hth.



================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for:
Professional Search Engine Optimization with ASP.NET
Professional IIS 7 and ASP.NET Integrated Programming
Wrox Blox: Introduction to Google Gears
Wrox Blox: Create Amazing Custom User Interfaces with WPF and .NET 3.0
================================================== =========

here is my code. if i just run the code like it, then i would get the student info. if I uncomment the code line below for DirectoryEntry and comment out the line above, the i get the invalid credential error.

Note:
I am authenticating the user from another domain. i am running this code in my local box and it's in different domain. and when i talked to our Network guy, he said those two domains trust each other and i would think so as well since i can pull the data if i just pass the username.

string strUserName = "abc123";
string strLDAPConnection = "LDAP://domainname";
DirectoryEntry dirEntry = new DirectoryEntry(strLDAPConnection);
//DirectoryEntry dirEntry = new DirectoryEntry(strLDAPConnection, strUserName, "001502");
DirectorySearcher searcher = new DirectorySearcher(dirEntry);
searcher.Filter = "(samaccountname=" + strUserName + ")";
searcher.SearchScope = SearchScope.Subtree;
SearchResult sResult = null;
bool blUserAthenticated = false;
try
       {
            sResult = searcher.FindOne();
            blUserAthenticated = true;
        }
        catch (Exception ex)
        {
            Response.Write(ex);
            blUserAthenticated = false;
        }

        if (sResult == null)
            blUserAthenticated = false;

        if (blUserAthenticated)
        {
            Response.Write("<b>UserName:</b> " + GetProperty(sResult, "samaccountname"));
            Response.Write("<br>");
            Response.Write("<b>First Name:</b> " + GetProperty(sResult, "givenname"));
            Response.Write("<br>");
            Response.Write("<b>Last Name:</b> " + GetProperty(sResult, "sn"));
            dirEntry.RefreshCache();
        }
        dirEntry.Close();
public string GetProperty(SearchResult sr, string propertyName)
    {
        if (sr.Properties.Contains(propertyName))
        {
            return sr.Properties[propertyName][0].ToString();
        }
        else
        {
            return string.Empty;
        }
    }

thanks

Well I would try it with your username and password, not the user you are searching for and also try using a different constructor, --

Joe (Microsoft MVP - XML)

Joe, thanks for your quick response, i would really appreciate it.

and it worked when I passed the AuthenticationTypes.Delegation. I was using AuthenticationTypes.Secure.

would you please give more info what's the difference and how it would affect the web application because I use AuthenticationTypes.Secure in the same application for other users and it works fine. Eventhough its a cross domain thing, how do i know when to use either one.

thanks

To be honest I've never used it, I just looked it up on msdn2.com, ther's a list of types there with what they mean.

--

Joe (Microsoft MVP - XML)

would you please tell me one thing that when for some users i don't even use any authentication type and which is working fine. i just pass the user name and password.

is it the reason that the webserver is in the same domain where the AD domain is? and in the case where i was having trouble, the users i was trying to authenticate were in different domain than the webserver domain?

thanks