I use a console application to write some test code:
/// <summary>
/// Returns AD information for a specified userID.
/// </summary>
/
The easiest way around this is to make your web application pool run as a domain account that has the required access. This avoids you having to manage the secure storing of a password. Don't forget to make the account a member of the IIS_WPG local group.

If you do decide to use impersonation you will have to configure Kerberos delegation as well as changing the ASP.NET configuration to impersonate. This will involve making the application pool run as a domain account, granting that domain account permission to delegate credentials (the delegation tab of the account properties in the AD Users and Computers MMC), then ensuring that the website is set to use Negotiate in the metabase (this is the default on IIS6, not sure about other versions), and registering an SPN for the new domain account.

Edit: Your 'Unknown authentication' error sounds like misconfigured delegation. Check that the account your app pool is running as is trusted for delegation, that IIS is set to use ONLY Windows authentication and that a valid SPN is registered for the app pool identity account.
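The Active Directory side of the checks listed in the edit above can be scripted. The following PowerShell is an added example, not part of the original answer; the account name `svc-webapp` and host name `intranet.example.com` are placeholders, and it covers only the SPN and delegation settings, not the IIS authentication settings.

```powershell
# Added example. Placeholder values below are assumptions, not from the post.
param(
    [string]$SamAccountName = 'svc-webapp',           # app pool identity (placeholder)
    [string]$SiteHostName   = 'intranet.example.com'  # host name users browse to (placeholder)
)

$TRUSTED_FOR_DELEGATION = 0x80000   # userAccountControl bit: trusted for delegation to any service
$expectedSpn = "HTTP/$SiteHostName"

# Look up the account and load only the attributes needed for the checks.
$searcher = [adsisearcher]"(&(objectClass=user)(sAMAccountName=$SamAccountName))"
foreach ($attr in 'serviceprincipalname', 'useraccountcontrol', 'msds-allowedtodelegateto') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}
$account = $searcher.FindOne()
if (-not $account) { throw "Account '$SamAccountName' not found in the current domain." }

$spns        = @($account.Properties['serviceprincipalname'])
$uac         = [int]$account.Properties['useraccountcontrol'][0]
$constrained = @($account.Properties['msds-allowedtodelegateto'])
$anyService  = [bool]($uac -band $TRUSTED_FOR_DELEGATION)

# An SPN registered on more than one account breaks Kerberos authentication for that service.
$dupSearcher = [adsisearcher]"(servicePrincipalName=$expectedSpn)"
$owners = @($dupSearcher.FindAll() | ForEach-Object { $_.Path })

[pscustomobject]@{
    Account              = $SamAccountName
    ExpectedSpn          = $expectedSpn
    SpnOnAccount         = ($spns -contains $expectedSpn)   # -contains is case-insensitive
    SpnOwnerCount        = $owners.Count                    # should be exactly 1
    TrustedForAnyService = $anyService
    ConstrainedTargets   = ($constrained -join ', ')
    DelegationConfigured = ($anyService -or ($constrained.Count -gt 0))
}
```

A healthy result has `SpnOnAccount` true, `SpnOwnerCount` equal to 1, and `DelegationConfigured` true; run it from a domain-joined machine as a user who can read the account's attributes.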