How to access Active Directory information via ASP.NET page


Perhaps you can help.

I am trying to capture Active Directory information such as "title" via ASP.NET page when one enters a valid "NT username" in a textbox and hits a button.

Curiously, this works in the development environment of Visual Studio 2010 when I run the project but not when I deploy to IIS(V6). I have Integrated Windows Security ticked and Enable Anonymous Access unticked. (Windows Server 2003 SP2)

My knowledge of issues such as Active Directory is scanty.

I enclose the relevant files.

Many thanks,


Shaun Kline (Lead Software Engineer) Commented:
Are you getting an error when you attempt to access AD or are you just not getting the Title value?

Depending on how AD is set up, it is possible that your general users do not have the ability to search AD. If this is the case, you would need to use impersonation to perform the search.

Tablecloth (Author) Commented:
Thanks Shaun,

That was quick!

Accessing AD is the problem: the error message is:
System.NullReferenceException: Object reference not set to an instance of an object. at sender, EventArgs e) in C:\blah blah\top.aspx.vb:line 156.

Forgive me but what does this entail:
.. you would need to use impersonation to perform the search..

(I never got a grip on these issues.)

Tablecloth (Author) Commented:
line 156 = sresult = dssearch.FindOne()

Shaun Kline (Lead Software Engineer) Commented:
You can use the System.Web.Hosting.HostingEnvironment.Impersonate() for impersonation. Try using these modifications to your code:

    connection = ConfigurationManager.ConnectionStrings("ADConnection").ToString()
    Using System.Web.Hosting.HostingEnvironment.Impersonate()
        dssearch = New System.DirectoryServices.DirectorySearcher(connection)
        dssearch.Filter = "(sAMAccountName=" + UserName + ")"
        sresult = dssearch.FindOne() 'sresult = "mminehan"

and prior to the Catch statement add:

    End Using

The one catch with this method is that the account assigned to the application pool for your website will need permission to search your AD environment. Otherwise, the directory search will fail, and I believe it is with the NullReference exception you experienced.
You can impersonate a domain user who has permissions to the AD.  Just add this to <configuration> section of your Web.Config.

  <location path="top.aspx"><system.web>
      <identity impersonate="true" userName="DOMAIN\domainuser" password="domainuserPassword"/>
  </system.web></location>

FYI, if you want to ask for your login and password just leave out the username and password.

  <location path="top.aspx"><system.web>
      <identity impersonate="true" />
  </system.web></location>

This article describes it in detail:
Tablecloth (Author) Commented:
Thanks guys,

Unfortunately I'm getting errors ...

Incidentally, how do I ensure/implement the observation:

"The account assigned to the application pool for your website will need permission to search your AD environment. Otherwise, the directory search will fail, and I believe it is with the NullReference exception you experienced."
Is the "Task" sub-folder a separate web application in the IIS application pool?  In IIS right click the task sub-folder and go to Properties.  In the Directory tab, under Application settings, you need to click the Create button.

This article will describe it in more detail:
The other way to get access to the AD is to set up a special Application Pool with an account that has access to the AD.

Then assign that application pool to your web application.

Disclaimer: This application pool should only be used in applications that are accessible via an Intranet.
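
Added example, not code from any of the posts above: the title lookup the thread discusses, with the textbox value escaped before it is placed in the LDAP filter and with the case where FindOne() matches no account handled instead of dereferenced. The names AdLookup, EscapeLdapFilterValue and GetTitle and the ldapPath parameter are hypothetical; the code assumes the application pool identity is allowed to search the directory.

```vb
Imports System.DirectoryServices
Imports System.Text
Imports System.Web.Hosting

' Hypothetical helper module (added example, not the asker's top.aspx.vb).
Public Module AdLookup

    ' Escape a value for use inside an LDAP search filter (RFC 4515),
    ' so input such as "*" or ")(" cannot change the filter's structure.
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns the "title" attribute for the given NT username, or Nothing
    ' when no account matches or the account has no title set.
    ' ldapPath is assumed to be an LDAP:// path taken from configuration.
    Public Function GetTitle(ByVal ldapPath As String, ByVal userName As String) As String
        If String.IsNullOrEmpty(userName) Then Return Nothing
        ' Run the search as the application pool identity, as in the thread.
        Using HostingEnvironment.Impersonate()
            Using root As New DirectoryEntry(ldapPath)
                Using searcher As New DirectorySearcher(root)
                    searcher.Filter = "(sAMAccountName=" & EscapeLdapFilterValue(userName) & ")"
                    searcher.PropertiesToLoad.Add("title")
                    Dim result As SearchResult = searcher.FindOne()
                    ' FindOne() returns Nothing when there is no match.
                    If result Is Nothing Then Return Nothing
                    If Not result.Properties.Contains("title") Then Return Nothing
                    Return CStr(result.Properties("title")(0))
                End Using
            End Using
        End Using
    End Function
End Module
```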