LDAP error using windows Authentication in IIS7.0
-
Tuesday, June 19, 2012 7:25 AM
I'm facing a problem with LDAP. My web server is IIS 7.0 (Windows Server 2008 R2). It's configured to use Windows Authentication. I've pasted my ASP page below.
Web browser is IE8. I have added the website to the intranet zone and enabled "send user details if intranet zone" under Security tab -> Custom level. Integrated Windows Authentication is enabled in the Advanced tab.
Web Application details
Cluster control website and another website which host below code.
| Application Name | Auth Type | Application pool | Application pool identity |
|---|---|---|---|
| Cluster control | Anonymous | Clustercontrol | Application pool identity |
| Mywebsite1 | Windows | MyWebsite1 | DNS account |
Now coming to problem
If I try to access the website I get the runtime error "method or property memberOf is not supported".
Suppose I change the authentication type to Basic authentication: it asks for credentials and signs in. Immediately after that, if I change the authentication type to Windows, it works fine from the VM browser. It works even after I restart the browser.
But it works only for 20 min, since the application idle timeout is set to 20 min (I can see the WAS event log, which says application pool Website1 was closed due to inactivity for 20 min; a new worker process will be created as and when it's needed). It also doesn't work if I restart the app pool immediately after I change to the Windows auth type.
If I try to access Website1 through cluster control using localhost, it prompts for credentials and doesn't log in. But if I try to access the below page using localhost, it works perfectly.
Can anyone suggest what exactly is going wrong here?
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
Dim oADSysInfo
Dim objUser
Dim strGroupData
Dim strUserDN
Dim arrGroups
Dim strGroup
Dim wsObject
Dim netSys
Dim strUsrDomain

strGroupData = ""
Set wsObject = CreateObject("WScript.Shell")
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain

' ADSystemInfo describes the security context the page is running under
Set oADSysInfo = CreateObject("ADSystemInfo")
If Err.Number <> 0 Then
    'getLDAPGroupInfo = strGroupData
    'wsObject.popup("Error"& e.decription)
    'Exit Function
End If

' Distinguished name of the current user, then bind to that user's directory object
strUserDN = oADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)

' memberOf is the property named in the reported runtime error.
' It can come back as Empty (no groups), a String (one group) or an array (several groups).
arrGroups = objUser.memberOf
If IsEmpty(arrGroups) Then
    'Wscript.Echo "Member of no groups"
ElseIf (TypeName(arrGroups) = "String") Then
    'Wscript.Echo "Member of group " & arrGroups
    strGroupData = arrGroups
Else
    For Each strGroup In arrGroups
        strGroupData = strGroupData & "," & strGroup
    Next
    'strGroupData = arrGroups
End If
Response.Write(strGroupData)
%>
All Replies
-
Tuesday, June 19, 2012 8:02 AM
Now I can confirm that it's a "double-hop issue". Whatever problem I explained above is what is seen in the double-hop issue. Can anyone explain to me how to fix it? It could have been fixed if I had used ASPX, though. How can I fix it in classic ASP?
-
Thursday, June 21, 2012 7:59 AM Moderator
Hi Karthik,
Thanks for posting in Microsoft TechNet forums.
Here are some links which might be helpful while troubleshooting Double Hop issue:
The Double-Hop Problem
http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
Double Hop and ASP.NET - a workaround.
http://weblogs.asp.net/avnerk/archive/2004/09/22/232967.aspx
IIS, Windows Authentication and the Double Hop issue
http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx
Regards
Kevin
TechNet Community Support
- Marked As Answer by K_evin Zhu Microsoft Contingent Staff, Moderator Monday, June 25, 2012 2:37 AM
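A diagnostic variant of the page from the question, added here as an example (it is not code from any participant in this thread): it reports the authentication scheme IIS used for the request and the exact step at which the directory lookup fails, so a run under Basic can be compared with a run under Windows authentication. The helper names Report and Failed are hypothetical.

```vbscript
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
' Added diagnostic example; Report and Failed are hypothetical helper names.
' Shows how the request was authenticated and which directory step fails.
Dim oADSysInfo, objUser, arrGroups, strUserDN, strGroup

Sub Report(strLabel, strValue)
    Response.Write Server.HTMLEncode(strLabel & ": " & strValue) & "<br>"
End Sub

' Returns True (and prints the error) if the preceding step raised an error.
Function Failed(strStep)
    Failed = False
    If Err.Number <> 0 Then
        Report strStep & " FAILED", "0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
        Failed = True
    End If
End Function

' Authentication scheme and account IIS associated with this request
Report "AUTH_TYPE", Request.ServerVariables("AUTH_TYPE")
Report "LOGON_USER", Request.ServerVariables("LOGON_USER")

On Error Resume Next
Set oADSysInfo = CreateObject("ADSystemInfo")
If Not Failed("Create ADSystemInfo") Then
    strUserDN = oADSysInfo.UserName
    If Not Failed("Read ADSystemInfo.UserName") Then
        Report "User DN", strUserDN
        Set objUser = GetObject("LDAP://" & strUserDN)
        If Not Failed("Bind to LDAP user object") Then
            arrGroups = objUser.memberOf
            If Not Failed("Read memberOf") Then
                If IsEmpty(arrGroups) Then
                    Report "Groups", "(none)"
                ElseIf TypeName(arrGroups) = "String" Then
                    Report "Group", arrGroups
                Else
                    For Each strGroup In arrGroups
                        Report "Group", strGroup
                    Next
                End If
            End If
        End If
    End If
End If
%>
```

Remove the page once troubleshooting is finished, since it shows distinguished names and raw error text to any caller who can authenticate.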
-
Friday, June 29, 2012 4:01 PM
Thanks for your response
I employed a rather simple solution.
The solution I employed was as follows.
1. My application is running under a specific user identity (physical path credential and application pool identity set to the DNS account).
2. I created another page with the above code and ran it under the application pool identity, and thereby created a primary token key.
3. Using that key I again connected to LDAP to query user-related info by calling the above code under a virtual directory having Windows authentication, thereby getting the user details.
Thanks for your help again
- Marked As Answer by Karthik Prasad Friday, June 29, 2012 4:01 PM
-
Monday, July 02, 2012 1:48 AM Moderator
Hi Karthik,
Thanks for sharing your solution with us.
Please feel free to create a new thread if you encounter other problems in the future.
Best Regards
Kevin

