using windows authentication with active directory groups as roles

For dev I am using IISExpress with development server properties of the MVC project set up so that Anonymous Authentication is Disabled and Windows Authentication is Enabled. The web config is deployed using our TFS build server to test and release servers for which authentication is also set up as above and works in those locations …

Built-in helper to parse User.Identity.Name into Domain\Username

This is better (easier to use, no opportunity for a NullReferenceException, and conforms to MS coding guidelines about treating empty and null strings equally): public static class Extensions { public static string GetDomain(this IIdentity identity) { string s = identity.Name; int stop = s.IndexOf("\\"); return (stop > -1) ? s.Substring(0, stop) : string.Empty; } public static string …

Display thumbnailPhoto from Active Directory in PHP

This seems to be a JPEG file, so you should be able to send that data together with the appropriate MIME type to the browser. It should be possible to output that image with something like: <img src="data:image/jpeg;base64,<?php echo base64_encode($imageString); ?>"/> But it might also be possible to save files of any image format into that thumbnailPhoto …

How to connect with Java into Active Directory

Here is some simple code that authenticates and makes an LDAP search using JNDI on a W2K3: class TestAD { static DirContext ldapContext; public static void main (String[] args) throws NamingException { try { System.out.println("Début du test Active Directory"); Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11); ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); //ldapEnv.put(Context.PROVIDER_URL, "ldap://societe.fr:389"); ldapEnv.put(Context.PROVIDER_URL, "ldap://dom.fr:389"); ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); …

Get-ADGroupMember : The size limit for this request was exceeded

The number of objects that Get-ADGroupMember can return is restricted by a limit in the ADWS (Active Directory Web Services): MaxGroupOrMemberEntries 5000 Specifies the maximum number of group members (recursive or non-recursive), group memberships, and authorization groups that can be retrieved by the Active Directory module Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup cmdlets. Set this parameter to …

Win32: How to validate credentials against Active Directory?

Here is Microsoft's recommendation. As for the other answers, I'm not really sure why you're shooting them down. You are complaining about (relatively edge case) failures while trying to validate credentials, but if you are going to actually do something with those credentials then that operation is just going to fail anyway. If you are …

ASP .NET MVC Forms authorization with Active Directory groups

So I ended up implementing my own authorize attribute and using that: namespace Application.Filters { public class AuthorizeADAttribute : AuthorizeAttribute { public string Groups { get; set; } protected override bool AuthorizeCore(HttpContextBase httpContext) { if (base.AuthorizeCore(httpContext)) { /* Return true immediately if the authorization is not locked down to any particular AD group */ if …

LDAP root query syntax to search more than one specific OU

You can!!! In short, use this as the connection string: ldap://<host>:3268/DC=<my>,DC=<domain>?cn together with your search filter, e.g. (&(sAMAccountName={0})(&((objectCategory=person)(objectclass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=CN=<some-special-nested-group>,OU=<ou3>,OU=<ou2>,OU=<ou1>,DC=<dc3>,DC=<dc2>,DC=<dc1>)))) That will search in the so-called Global Catalog, which had been available out-of-the-box in our environment. Instead of the known/common other versions (or combinations thereof) that did NOT work in our environment with multiple OUs: ldap://<host>/DC=<my>,DC=<domain> …

System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred

I had exactly the same error and fixed it by changing the site's application pool to run under the Network Service. In IIS: Select your site's application pool. Select Advanced Settings on the right-hand side. On the Advanced Settings pop-up window, scroll down to the Process Model group. Change the first option called Identity to …