Tags: asp-classic, vbscript, ldap, iis-7.5, windows-authentication

LDAP error in IIS 7.5 while using Windows Authentication


I'm facing a problem with LDAP, and it's a bit strange. My web server is IIS 7.5 (Windows Server 2008 R2). It's configured to use Windows Authentication. I've pasted my ASP page below.

The web browser is IE8. I have added the website to the Intranet zone and enabled sending user details in the Intranet zone under Security tab -> Custom level. Integrated Windows Authentication is enabled in the Advanced tab.

Everything works fine for 20 minutes (the session timeout setting and the other default timeout settings are 20 minutes). After 20 minutes I get an ASP runtime error which says the method or property memberOf for object objUser is not supported. When I get this error I change the authentication type to Basic Authentication. It prompts for Windows credentials and works fine. After that I revert to Windows Authentication, and it works for some time.

I'm not sure why, if IIS 7.5 is configured with Basic Authentication enabled and IE8 is configured as above, it still prompts for Windows credentials. Windows Authentication mode doesn't prompt for credentials and works fine, but only for a certain period. Can anyone explain this strange behaviour and how to fix it?

<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit

Dim oADSysInfo
Dim objUser
Dim strGroupData
Dim strUserDN
Dim arrGroups
Dim strGroup
Dim wsObject
Dim netSys
Dim strUsrDomain

strGroupData = ""
' WScript.Shell and WScript.Network are scripting-host objects. Under IIS a
' Popup cannot reach any user, so only the domain lookup is kept for reference.
Set wsObject = CreateObject("WScript.Shell")
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain

' ADSystemInfo.UserName returns the distinguished name of the account the
' current thread runs as (the impersonated caller under Windows Authentication).
' The Err check only works with On Error Resume Next in effect.
On Error Resume Next
Set oADSysInfo = CreateObject("ADSystemInfo")
If Err.Number <> 0 Then
    Response.Write "Error: " & Server.HTMLEncode(Err.Description)
    Response.End
End If
On Error GoTo 0

strUserDN = oADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
arrGroups = objUser.memberOf

' memberOf is multi-valued: Empty when the user is in no groups, a String
' when there is exactly one value, and a Variant array for two or more.
If IsEmpty(arrGroups) Then
    ' Member of no groups
ElseIf TypeName(arrGroups) = "String" Then
    strGroupData = arrGroups
Else
    For Each strGroup In arrGroups
        If strGroupData <> "" Then strGroupData = strGroupData & ","
        strGroupData = strGroupData & strGroup
    Next
End If

' Group DNs come from the directory; encode them before reflecting into HTML.
Response.Write Server.HTMLEncode(strGroupData)
%>

Solution

  • I employed a rather simple solution.

    The solution I employed was as follows.

    1. My application runs under a specific user identity (the physical path credentials and the application pool identity are set to a DNS account).

    2. I created another page with the above code and ran it under the application pool identity (SPN), thereby creating a primary token key between the Active Directory server and the web server.

    3. Using that key I again connected to LDAP to query user-related info by calling the above code under a virtual directory that has Windows Authentication and runs under the user identity, thereby getting the user details.

    If you are using ASP.NET, programmatically impersonate the user and get the user details from LDAP, and on application start create the primary token by connecting to LDAP. The primary key persists until the worker process is killed.
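The approach the answer above describes, running the LDAP query under a fixed service identity instead of the caller's impersonated token, as an added example in classic ASP; this is not code from the original question or answer. The service account name, the search base, and the Application("LdapSvcPassword") variable that holds the account's password are assumptions. The user to look up is taken from LOGON_USER, which IIS sets once Windows Authentication has succeeded, so the page never relies on the caller's token being usable against the domain controller.

```vbscript
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
On Error Resume Next

' Assumed values for this example; replace with your own environment.
Const SVC_USER = "EXAMPLE\svc-ldapquery"        ' hypothetical read-only service account
Const SEARCH_BASE = "LDAP://DC=example,DC=com"   ' hypothetical domain naming context
Const ADS_SECURE_AUTHENTICATION = 1              ' ADSI flag: Kerberos/NTLM bind, no clear-text password

' Escape a value for use inside an LDAP search filter (RFC 4515), so a
' user name cannot alter the filter's structure.
Function EscapeLdapFilter(value)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "\":    out = out & "\5c"
            Case "*":    out = out & "\2a"
            Case "(":    out = out & "\28"
            Case ")":    out = out & "\29"
            Case Chr(0): out = out & "\00"
            Case Else:   out = out & ch
        End Select
    Next
    EscapeLdapFilter = out
End Function

' The authenticated caller as IIS reports it ("DOMAIN\user"); empty means
' anonymous access reached this page, which must not happen.
Dim strLogon, strSam
strLogon = Request.ServerVariables("LOGON_USER")
If strLogon = "" Then
    Response.Status = "401 Unauthorized"
    Response.End
End If
strSam = strLogon
If InStr(strLogon, "\") > 0 Then strSam = Mid(strLogon, InStr(strLogon, "\") + 1)

' Bind with explicit service credentials through the ADSI OLE DB provider.
' The password is read from an application variable (assumed to be loaded
' from protected configuration at startup), never hard-coded in the page.
Dim conn, cmd, rs
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Properties("User ID") = SVC_USER
conn.Properties("Password") = Application("LdapSvcPassword")
conn.Properties("Encrypt Password") = True
conn.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
conn.Open "Active Directory Provider"
If Err.Number <> 0 Then
    Response.Write "LDAP bind failed: " & Server.HTMLEncode(Err.Description)
    Response.End
End If

' Look the caller up by sAMAccountName and read only the attributes needed.
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "<" & SEARCH_BASE & ">;(&(objectCategory=person)(sAMAccountName=" & _
    EscapeLdapFilter(strSam) & "));distinguishedName,memberOf;subtree"
Set rs = cmd.Execute
If Err.Number <> 0 Then
    Response.Write "LDAP search failed: " & Server.HTMLEncode(Err.Description)
    conn.Close
    Response.End
End If

Dim arrGroups, strGroup, strGroupData
strGroupData = ""
If rs.EOF Then
    strGroupData = "(user not found in directory)"
Else
    ' memberOf via ADO: Null when the user is in no groups, otherwise a
    ' Variant array; a plain String is handled too for safety.
    arrGroups = rs.Fields("memberOf").Value
    If IsNull(arrGroups) Or IsEmpty(arrGroups) Then
        strGroupData = "(member of no groups)"
    ElseIf TypeName(arrGroups) = "String" Then
        strGroupData = arrGroups
    Else
        For Each strGroup In arrGroups
            If strGroupData <> "" Then strGroupData = strGroupData & ","
            strGroupData = strGroupData & strGroup
        Next
    End If
    Response.Write "DN: " & Server.HTMLEncode(rs.Fields("distinguishedName").Value) & "<br>"
End If
rs.Close
conn.Close

' Directory values are attacker-influenced text; encode before reflecting.
Response.Write "Groups: " & Server.HTMLEncode(strGroupData)
%>
```

Two things to keep in mind when using this pattern: the service account should be a dedicated, read-only domain account, because whatever it can read, every caller of this page can now cause the server to read; and the filter escaping matters even though LOGON_USER comes from IIS rather than the request, since the same helper will inevitably be reused on a value that does come from user input.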