Reza on blogging [MVP]

THIS BLOG HAS MOVED TO: http://blogs.devhorizon.com/reza

The authentication mechanism is unknown

As an ASP.NET developer, what bugs me the most are the security issues tied to the web context in which the code runs. I have recently been working on an ASP.NET project that requires me to query Active Directory frequently for information about users, groups and so on. I mostly use System.DirectoryServices and its two well-known classes, DirectoryEntry and DirectorySearcher. I guess the biggest challenge in working with Active Directory from a web context is the fact that AD requires a primary token all the time. As long as the IIS server has a user name and password (not just a hash of the password as the result of NTLM authentication) and can hand them over to AD, you are fine; otherwise you are toast and will soon end up receiving various nasty messages from AD.

If I can convince my clients to pass credentials to the System.DirectoryServices code, either through the DirectoryEntry class constructor or through the Username and Password properties, then this is my preferred method. However, you should secure those credentials and not leave them in clear text anywhere in your app. For the sake of demonstration, let's assume that you have written a piece of code to authenticate to AD to do some work:
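   // requires: using System.DirectoryServices;
   DirectoryEntry adSharepointUsers = null;
   try
   {
       // Credentials are hard-coded for demonstration only
       adSharepointUsers = new DirectoryEntry("LDAP://mydomain", "ADUser", "password");
       // ........
   }
   catch (Exception)
   {
       // "throw;" rethrows without resetting the stack trace ("throw ex;" would reset it)
       throw;
   }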
Everything works fine on your development machine, but once you have deployed your app to production, you will be trapped by the "The authentication mechanism is unknown" error. If that's the case, you might try passing the username together with the domain name, i.e. MyDomain/ADUser:
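   // requires: using System.DirectoryServices;
   DirectoryEntry adSharepointUsers = null;
   try
   {
       // Same call, with the user name qualified by its domain
       adSharepointUsers = new DirectoryEntry("LDAP://MyDomain", "MyDomain/ADUser", "password");
       // ........
   }
   catch (Exception)
   {
       // "throw;" rethrows without resetting the stack trace ("throw ex;" would reset it)
       throw;
   }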
Yes, it does the trick!
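
One way to keep the service account out of the source code while still passing a domain-qualified user name, as an added example that is not code from the original post. The `AdBind` class, its `Open` and `Qualify` methods and the `Ad.*` appSettings keys are hypothetical names, and the `DOMAIN\user` form used for bare account names is this example's choice; names that already contain `\`, `/` or `@` are passed through unchanged.

```csharp
using System;
using System.Configuration;          // reference System.Configuration.dll
using System.DirectoryServices;      // reference System.DirectoryServices.dll
using System.Runtime.InteropServices;

public static class AdBind
{
    // Hypothetical appSettings keys. Encrypt the section on the server with
    //   aspnet_regiis -pef "appSettings" <physical path of the site>
    // so the password is not stored in clear text; the reads below stay unchanged.
    const string DomainKey = "Ad.Domain", UserKey = "Ad.User", PasswordKey = "Ad.Password";

    // Prefix a bare account name with its domain; already-qualified names pass through.
    public static string Qualify(string domain, string user)
    {
        if (user.IndexOfAny(new[] { '\\', '/', '@' }) >= 0) return user;
        return domain + "\\" + user;
    }

    public static DirectoryEntry Open()
    {
        string domain = Require(DomainKey);
        string user = Qualify(domain, Require(UserKey));
        var entry = new DirectoryEntry("LDAP://" + domain, user,
            Require(PasswordKey), AuthenticationTypes.Secure);
        try
        {
            // The constructor does not contact the directory. Reading
            // NativeObject forces the bind, so a credential problem fails here.
            object bound = entry.NativeObject;
            return entry;
        }
        catch (COMException ex)
        {
            entry.Dispose();
            // Report the account and HRESULT, never the password.
            throw new InvalidOperationException("AD bind failed for '" + user +
                "' (HRESULT 0x" + ex.ErrorCode.ToString("X8") + ")", ex);
        }
    }

    static string Require(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrEmpty(value))
            throw new ConfigurationErrorsException("Missing appSettings key: " + key);
        return value;
    }
}
```

The caller owns the returned entry and should wrap it in a `using` block so the underlying ADSI object is released.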

 

posted on Wednesday, May 24, 2006 12:46 PM by admin

# The authentication mechanism is unknown [Active Directory, Asp.Net] @ Monday, July 02, 2007 8:38 PM

authentication mechanism is unknown, Active Directory, Asp.Net

Anonymous

# Accessing the domain server to change a password reported the "The authentication mechanism is unknown" error: solved! @ Sunday, August 12, 2007 11:31 PM

C# AD programming problem. Accessing the domain server to change a password reports

Anonymous
