Tuesday, June 19, 2012 7:25 AM
I'm facing probleming with LDAP. My Web server is IIS7.0(windows server 2008 R2). Its configured to use windows Authentication. I've pasted my asp page below.
Web browser is IE8, Have added the website to intranet zone and enabled, send user details if intranet zone in security tab->custom level. Intigrated windows authentication is enabled in advanced tab.
Web Application details
Cluster control website and another website which host below code.
Application Name Auth Type Application pool Application pool identity
Cluster control: Anonymous Clustercontrol Application pool identity
Mywebsite1 Windows MyWebsite1 DNS account
Now coming to problem
If I try to access the website I get runtime error " method or property memberOf is not supported"
Suppose I change the Authentication type to Basic authentication it asks credentials and signs in. Immedaitly after that if I change Authentication type to Windows. It works fine from the VM browser.It works even after I restart the browser.
But it works only for 20min since Application Idle timeout is set to 20min(Can see WAS even log which says Application pool Website1 was closed due to incativity for 20min, new worker process will be created as and when its needed). It also doesn't work if I restart the app pool immediatly after I change windows AUth type.
If I try to access the Website1 using cluster control using localhost, It prompts for credential and dosn't login. But If I try to access the below page using localhost it works perfect.
Can anyone suggest me what exactky going wrong over here?
<%@ LANGUAGE="VBSCRIPT" %>
strGroupData = ""
Set wsObject = CreateObject("WScript.Shell")
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain
Set oADSysInfo = CreateObject("ADSystemInfo")
If err.number <> 0 Then
'getLDAPGroupInfo = strGroupData
strUserDN = oADSysInfo.UserName
Set objUser = GetObject("LDAP://"& strUserDN)
arrGroups = objUser.memberOf
If IsEmpty(arrGroups) Then
'Wscript.Echo "Member of no groups"
ElseIf (TypeName(arrGroups) = "String") Then
'Wscript.Echo "Member of group " & arrGroups
strGroupData = arrGroups
For Each strGroup In arrGroups
strGroupData = strGroupData & "," & strGroup
'strGroupData = arrGroups
Tuesday, June 19, 2012 8:02 AMNow I can confirm that its a "Double-hop issue". What ever problem above I explained was seen in Double-Hope issue. Can any one explain me how to fix it. Though it could have been fixed if I had used ASPX. How can I fix in classical ASP
Thursday, June 21, 2012 7:59 AMModeratorHi Karthik,
Thanks for posting in Microsoft TechNet forums.
Here are some links which might be helpful while troubleshooting Double Hop issue:
The Double-Hop Problem
Double Hop and ASP.NET - a workaround.
IIS, Windows Authentication and the Double Hop issue
TechNet Community Support
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Monday, June 25, 2012 2:37 AM
Friday, June 29, 2012 4:01 PM
Thanks for your response
I employed rather simple solution.
Solution I employed was as follows.
1. My Application is running under specific user identity(Physical path credential and Application pool idenity set to DNS account)
2. I created another page with above code and ran under applcation pool identity and there by created a primary token key.
3. Using that key I again connected to LDAP to query user related info by calling above code under virtual directory having windows authentication and there by getting user details.
Thanks for your help again
- Marked As Answer by Karthik Prasad Friday, June 29, 2012 4:01 PM
Monday, July 02, 2012 1:48 AMModeratorHi Karthik,
Thanks for sharing your solution with us.
Please feel free to create new thread if you encounter other problem in the future.