Problems accessing AD Groups
I'm trying this code - what is in the IF 1=1 THEN block - trying to enhance this backend ASP.Net / IIS code to handle AD Group Membership and not just Username/Password validation. I am getting nowhere - returning an error of: 0x80005000 - which is some unexpected AD error. Well - I could have told them that - I'm clueless here. I want to see if the USERNAME that was just validated for credentials, also has a group of "Census App" - or maybe "domain\Census App".
I tried the IsMemberOf() method and got the same error code.
I am running this code on a production client server - so all debugging is taking place via LogOutput calls to write to a .Log file.
Code:
    If Not UserValid Then
        Dim domainContext As PrincipalContext
        If pcUN = "" Then
            domainContext = New PrincipalContext(ContextType.Domain, pcDomain, pcContainer)
        Else
            domainContext = New PrincipalContext(ContextType.Domain, pcDomain, pcContainer, pcUN, pcPW)
        End If
        If domainContext.ValidateCredentials(credUN, credPW) Then
            If blnDebugLogin Then LogOutput("10b:@UserValid")
            If 1 = 1 Then
                Dim userContext As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, credUN)
                LogOutput("10b2x")
                Dim groups As PrincipalSearchResult(Of Principal) = userContext.GetGroups()
                For Each p As Principal In groups
                    If TypeOf p Is GroupPrincipal Then
                        LogOutput("10b2:" & CType(p, GroupPrincipal).ToString())
                    End If
                Next
                UserValid = True
            Else
                UserValid = True
            End If
        Else
            If blnDebugLogin Then LogOutput("10c:@ValidateCredentials false")
            LogOutput("Log in failure (ValidateCredentials false): " & loginUsername & " " & credUN)
        End If
    End If
End If
Re: Problems accessing AD Groups
What do the contents of your pcContainer variable look like? If you are specifying a full LDAP path using the LDAP:// prefix, make sure LDAP is in all caps.
Re: Problems accessing AD Groups
I left the container blank - the un/pw check was working - I thought I was good enough.
Other client sites I do put a container value in WEB.CONFIG as well.
Are GROUPS in a container? Like I even know what I'm asking - this is not my realm.
Re: Problems accessing AD Groups
I put the container in - a few . levels and some / levels.
domain.xxxx.local/Locations/Central Office/Staff Groups
So the pcDomain is "domain"
The pcContainer is "xxxx.local...and so on..."
I can add or remove as many of these container values and the .ValidateCredentials always works.
The looping through groups - is not working at all...
It is the .FindByIdentity() that is not working, I believe.
I am going to have to test this on a domain laptop and get away from running this in IIS remotely - no way to debug!
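An added example, not code from any poster in this thread: a group check that fails closed and logs the HRESULT of any directory error, so the failing call can be identified from the .Log file alone. The module, function and parameter names are hypothetical. It assumes the group is matched by its sAMAccountName (for example "Census App") and that a non-blank container is a distinguished name; 0x80005000 is E_ADS_BAD_PATHNAME, the code ADSI returns for an invalid directory path.

```vbnet
Imports System
Imports System.DirectoryServices.AccountManagement
Imports System.Runtime.InteropServices

Public Module AdGroupCheck
    ' Hypothetical helper: True only when the user is found AND is in groupName.
    ' Every lookup failure is logged and treated as "not a member" (fail closed).
    Public Function IsUserInGroup(domain As String, containerDn As String,
                                  svcUser As String, svcPassword As String,
                                  userName As String, groupName As String,
                                  log As Action(Of String)) As Boolean
        ' Blank container -> Nothing, so the whole domain is the search root.
        ' A non-blank value must be a distinguished name ("OU=...,DC=...") and
        ' the user object must live under it, because every query is rooted there.
        Dim container As String = If(String.IsNullOrWhiteSpace(containerDn), Nothing, containerDn)
        Try
            Using ctx As PrincipalContext = If(String.IsNullOrEmpty(svcUser),
                    New PrincipalContext(ContextType.Domain, domain, container),
                    New PrincipalContext(ContextType.Domain, domain, container, svcUser, svcPassword))
                Using user As UserPrincipal =
                        UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName)
                    If user Is Nothing Then
                        log("User not found under search root: " & userName)
                        Return False
                    End If
                    ' GetAuthorizationGroups also returns groups reached through nesting.
                    Using groups As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                        For Each p As Principal In groups
                            If String.Equals(p.SamAccountName, groupName,
                                             StringComparison.OrdinalIgnoreCase) Then
                                Return True
                            End If
                        Next
                    End Using
                End Using
            End Using
        Catch ex As COMException
            ' Logs the raw HRESULT, e.g. 0x80005000.
            log("Directory error 0x" & ex.ErrorCode.ToString("X8") & ": " & ex.Message)
        Catch ex As PrincipalException
            log("Principal error: " & ex.Message)
        End Try
        Return False
    End Function
End Module
```

Called after ValidateCredentials succeeds, the result decides whether the login is accepted, so a directory error can never grant access.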