
9/30/2005 12:01:04 PM    Failed forms authentication with LDAP
I'm using the walkthrough described in

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp

and I followed it step by step.
  
However, when I try with a valid AD account/password combination, the code always throws an exception in the line

Object obj = entry.NativeObject;
  
The full exception message is:

"System.Runtime.InteropServices.COMException (0x8007202B): A referral was returned from the server\r\n
 at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n
 at System.DirectoryServices.DirectoryEntry.Bind()\r\n
 at System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n
 at AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String username, String pwd) in c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"
  
If I try with an invalid AD account/password, another exception arises:

"System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password\r\n
 at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n
 at System.DirectoryServices.DirectoryEntry.Bind()\r\n
 at System.DirectoryServices.DirectoryEntry.get_NativeObject()\r\n
 at AdminBuros.DAL.LDAPAuthentication.IsAuthenticated(String domain, String username, String pwd) in c:\\administracionburos\\dal\\adminburos.dal\\ldapauthentication.cs:line 38"
  
My environment is a development environment, with AD on a Windows 2000 Server and my ASP.NET application running on an XP Pro SP2 machine. The <processmodel> setting in machine.config is configured to: SYSTEM.

The setting:

<identity impersonate="true" />

is present in my web.config file.
  
The IIS virtual directory is configured as an IIS application with:

- Execute Permissions: Script Only
- Application Protection: Medium (Pooled)
- Authentication Methods:
  * Anonymous Access, configured with a valid domain account. The MSDN article I mentioned does not specify if this account could be a domain or local account, just that it has to be a less privileged account.
  * Integrated Windows Authentication
  
The code from the MSDN article was copied to a C# class type .NET project, which in turn is called by an ASP.NET web form which makes a project type reference to the class project.

I've not tried the code from a Windows Forms application, however.

Can somebody give me a hint about what's happening?

Best regards.
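
Added example, not part of the original post or of the MSDN walkthrough code: the two HRESULTs quoted in the exception messages above decode to different Win32 errors, so a bind wrapper can report only one of them as rejected credentials and surface the other as a directory response to investigate. The names BindOutcome and BindErrorTriage are hypothetical, and the COMException samples are constructed from the messages in the post.

```csharp
using System;
using System.Runtime.InteropServices;

// Hypothetical names; this is illustrative code, not the walkthrough's.
public enum BindOutcome { BadCredentials, Referral, OtherDirectoryError }

public static class BindErrorTriage
{
    // HRESULTs copied from the two exception messages in the post.
    const int LogonFailure = unchecked((int)0x8007052E); // Win32 1326, ERROR_LOGON_FAILURE
    const int Referral     = unchecked((int)0x8007202B); // Win32 8235, ERROR_DS_REFERRAL

    // An HRESULT with facility 7 (FACILITY_WIN32) carries a Win32 error
    // code in its low 16 bits; return -1 for any other facility.
    public static int Win32Code(int hresult)
    {
        int facility = (hresult >> 16) & 0x7FF;
        return facility == 7 ? (hresult & 0xFFFF) : -1;
    }

    // Only the logon failure means the directory rejected the password.
    // A referral is the directory's answer about the bind target, so it
    // should be logged as a configuration problem, not a failed login.
    public static BindOutcome Classify(COMException ex)
    {
        switch (ex.ErrorCode)
        {
            case LogonFailure: return BindOutcome.BadCredentials;
            case Referral:     return BindOutcome.Referral;
            default:           return BindOutcome.OtherDirectoryError;
        }
    }

    public static void Main()
    {
        // Constructed samples standing in for what entry.NativeObject threw.
        COMException[] samples = {
            new COMException("A referral was returned from the server", Referral),
            new COMException("Logon failure: unknown user name or bad password", LogonFailure)
        };
        foreach (COMException ex in samples)
        {
            Console.WriteLine("0x{0:X8} win32={1} -> {2}",
                ex.ErrorCode, Win32Code(ex.ErrorCode), Classify(ex));
        }
    }
}
```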