TGIF!

I just spiced-up an ASP.NET app so that it uses DirectorySearcher.FindOne
<https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.findone?view=netframework-4.8>
to either verify a login user account exists or to authenticate. It runs
perfectly on my work PC, but when I installed the app in IIS on my test
server it died with *The specified domain either does not exist or could
not be contacted*. I discovered that because my app was running as NETWORK
SERVICE, which isn't a domain user, it can't see the Active Directory.

A trap...only domain user accounts can *see* AD. Asking the customer (a
hospital) to create a special account, assign it to the pool and set ACLs
is impractical. My lovely new login feature has hit a roadblock and I'm not
sure of a workaround or alternative. It's a specialist topic, but I thought
I'd ask in here just in case some boffin has suggestions.

*Greg Keogh*

P.S. I just remembered that about 15 years ago I used a Win32 Interop to
call LogonUser
<https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera>
for a similar purpose, but it was for local accounts and I'll need to
research if it works for domain accounts.
-- 
ozdotnet mailing list 
To manage your subscription, access archives: https://codify.mailman3.com/ 
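
The LogonUser approach mentioned in the P.S., as an added example that is not part of the original post: the function takes a domain argument, so the same interop call can validate a domain account's password. The class and method names are hypothetical, and it assumes .NET Framework 4.6 or later and a server that can reach a domain controller for the named domain. It only checks a user name and password pair; it does not test whether an account exists without a password.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

// Hypothetical helper, not code from the original post.
public static class DomainLogonCheck
{
    // Values from winbase.h / winerror.h.
    private const int LOGON32_LOGON_NETWORK = 3;    // validate only, no interactive session
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int ERROR_LOGON_FAILURE = 1326;   // unknown user name or bad password

    // CharSet.Unicode makes the runtime bind to LogonUserW.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string lpszUsername,
        string lpszDomain,
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        out SafeAccessTokenHandle phToken);

    // Returns true when the credentials are accepted and false when they are
    // rejected as wrong. Any other failure (domain unreachable, account locked
    // or disabled, password expired) is thrown so it is not mistaken for a
    // simple bad password.
    public static bool Validate(string user, string domain, string password)
    {
        SafeAccessTokenHandle token;
        bool ok = LogonUser(user, domain, password,
                            LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                            out token);
        int error = Marshal.GetLastWin32Error();   // read before any other call

        using (token)                              // always release the token handle
        {
            if (ok) return true;
        }

        if (error == ERROR_LOGON_FAILURE) return false;
        throw new Win32Exception(error);
    }
}
```

Log the thrown Win32 error code on the server and show the user only a generic failure message, so the login page does not reveal whether an account is locked, disabled or unknown.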