iamuser
 asked on

LDAP authentication failing from web page

On one of my web sites I set LDAP authentication via an LDAP query to my domain DC. If I go and log into the default main page, authentication seems to work fine. If I go into a sub page containing an .aspx file, authentication will fail.

I get this message

Exception information:
    Exception type: System.DirectoryServices.AccountManagement.PrincipalServerDownException
    Exception message: The server could not be contacted.

Inner exception information (level 1):
    Exception type: System.DirectoryServices.Protocols.LdapException
    Exception message: The LDAP server is unavailable.
 
The only place where the LDAP string is declared is via the web.config file.


8/22/2022 - Mon
btan

I presume port 445 is already open for LDAP, otherwise you see this exception. Also, use of the LDAPConnection class requires DNS to connect to LDAP. Likewise, if impersonating a user identity is used in order to connect to the LDAP, and if this user is not available in the Active Directory of the domain hosting the server content, then an exception is thrown.

See (pertaining to DNS resolution) -
Users would randomly get this message when they Login, it was driving me crazy. I think I have fixed this problem by providing the full windows name and port instead of just using the AD server hostname.
<add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>
See (pertaining to LDAP port) -
the error is fixed.
And yes, it was a firewall problem. Our infrastructure guys checked our firewall to our data centre and all ports needed were open. But ... there was another firewall. When we opened ldap-ssl and 445 the issue was solved.
Tip. I also added logging on the AD server. You can do this using the registry:
http://support.microsoft.com/kb/314980
https://social.msdn.microsoft.com/Forums/en-US/90a0578d-1d38-4190-88c1-92f93d2f1b8b/exception-using-activedirectorymembershipprovider-the-specified-domain-or-server-could-not-be?forum=netfxnetcom
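
The DNS and port checks discussed in the answer above can be run in one pass from the web server itself, since name resolution and firewalls are what that machine sees. This is an added example, not code from the thread: `Test-LdapPath` is a hypothetical helper, and the path passed to it is the placeholder value quoted above.

```powershell
function Test-LdapPath {
    param(
        [Parameter(Mandatory)] [string] $LdapPath,  # value of the LDAPPath appSetting
        [int] $TimeoutMs = 3000
    )
    # Expected shape: LDAP://host[:port]/baseDN (LDAPS:// is also accepted)
    $pattern = '^(?<scheme>LDAPS?)://(?<host>[^:/]+)(:(?<port>\d+))?(/(?<dn>.*))?$'
    if ($LdapPath -notmatch $pattern) { throw "Not an LDAP path: $LdapPath" }

    # Copy the captures now; a later -match would overwrite $Matches.
    $ldapHost     = $Matches['host']
    $baseDn       = $Matches['dn']
    $explicitPort = [bool]$Matches['port']
    if ($explicitPort)                       { $port = [int]$Matches['port'] }
    elseif ($Matches['scheme'] -eq 'LDAPS')  { $port = 636 }
    else                                     { $port = 389 }

    # Step 1: DNS. A short name may resolve on one machine and not another.
    $addresses = @()
    try { $addresses = @([System.Net.Dns]::GetHostAddresses($ldapHost)) } catch { }

    # Step 2: TCP. A firewall that drops packets shows up as a timeout here.
    $tcpOk = $false
    if ($addresses.Count -gt 0) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $client.BeginConnect($ldapHost, $port, $null, $null)
            $tcpOk = $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch { } finally { $client.Close() }
    }

    [pscustomobject]@{
        Host         = $ldapHost
        Port         = $port
        BaseDN       = $baseDn
        IsFqdn       = $ldapHost.Contains('.')   # False: short name, relies on DNS suffixes
        ExplicitPort = $explicitPort             # False: port was left to the default
        Resolved     = ($addresses -join ', ')   # empty: DNS lookup failed
        TcpReachable = $tcpOk                    # False: no DNS, closed port, or timeout
    }
}

# Placeholder path from the answer above; substitute the value from web.config.
Test-LdapPath 'LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com'
```

An empty `Resolved` points at DNS; a resolved address with `TcpReachable` false points at a firewall or a closed port between the web server and the DC.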
ASKER CERTIFIED SOLUTION
iamuser

iamuser

ASKER
We never thought to look at DNS for the cause.