It may be a CodeAccessSecurity issue.  When you run as local host, you're in
a different zone than on the other machine probably...but I would have
expected a security error, not a NULL, but thought I'd throw a hint out in
case.


Thanks,

Shawn Wildermuth
[EMAIL PROTECTED]
Author of Pragmatic ADO.NET
http://adoguy.com/book
http://ONDotnet.com
Microsoft .NET MVP

> -----Original Message-----
> From: Moderated discussion of advanced .NET topics.
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Howard Hoffman
> Sent: Friday, October 31, 2003 4:55 PM
> To: [EMAIL PROTECTED]
> Subject: [ADVANCED-DOTNET] DirectoryServices / Security issue?
>
> I've an ASP.NET web server that impersonates its clients.
> The web server tries to look up an Active Directory property
> via DirectoryServices.DirectorySearch.
>
> The machine that the web server runs on is configured in
> Active Directory to allow credential delegation.
>
> I am looking for a certain user, and am searching by
> "sAMAccountName=XXX".
> When I run the web server on localhost (with browser client
> also on the same machine), I can find 'XXX' just fine via
> DirectorySearcher.FindOne, and examine the property I'm interested in.
>
> For some reason, when I move my browser client to another
> machine, the DirectorySearcher.FindOne method returns null.
> I know the Directory entries are there.  If I start a cmd
> prompt on the other machine and run the W2K LDP.EXE utility,
> I see the user and the properties I want.
>
> The LDAP / Active Directory server is the same -- just a
> pretty vanilla W2K Active Directory (*non* mixed mode).
>
>
> I've tried playing around with
> DirectoryEntry.AuthenticationType, setting it to Secure, as
> well as trying Secure | ServerBind | ReadonlyServer.
>
> No go -- still nothing found. I have confirmed in the
> debugger that the Thread Principal Identity is the browser
> client identity.
>
> I've tried clients as W2K3 Servers (actually a Terminal
> Services client onto a W2K3 Server, where the TS client is an
> XP box) as well as XP machines (no Terminal Services -- just
> straight connection to the web server).
>
> Is there some limitation between Impersonation and DirectoryServices?
>
> Thanks in advance,
>
> Howard Hoffman
>
> ===================================
> This list is hosted by DevelopMentor®  http://www.develop.com