.Net's Directory Services throws a strange exception
Solution 1
I had this issue: things were working on my dev machine but didn't work on the server. Turned out that IIS on the server was set up to run as LocalMachine. I changed it to NetworkService (the default) and things started working.
So basically check the user of the app pool if this is running on IIS.
Solution 2
I had this problem too using IIS Express and VS 2010. What fixed it for me was a comment on another thread.
Validate a username and password against Active Directory?
but i'll save you the click and search... :) Just add ContextOpations.Negotiate to you Validate Credentials call like below.
bool valid = context.ValidateCredentials(user, pass, ***ContextOptions.Negotiate***);
Solution 3
I had to just create a new app pool and assign it .NET 2.0, then assign the new app pool to our web app, and it started working. We had .NET 3.5 SP2, so the hotfix wasn't ideal for us. Since the WWW service is usually Local System, I questioned that too. But since it was .NET and security related, I gave a shot at the app pool first and it worked.
Solution 4
Perhaps you need the hotfix?
And you are an Admin or the id that your service is running under is an Admin on your PC right?
I take it you already looked into this:
"You may receive a less than helpful DirectoryOperationException(“The server cannot handle directory requests.”) what isn’t quite so amusing about this is that it didn’t even try to communicate with the server. The solution was to add the port number to the server. So instead of passing “Server” to open the LdapConnection, I passed “server:636”. By the way, LDAPS is port 636 – rather than the 389 port used by LDAP."
Good point, I wouldn't expect that Win7/.NET 3.5 would need that patch. How about the info provided in this question:
Related videos on Youtube
Noich
SOreadytohelp Linux drivers developers. Toys with C, yeah! Formerly a C# developer. Toys with WPF, EF, SQL, Python and other fun stuff.
Updated on July 09, 2022Comments
-
Noich almost 2 years
I have a small C# solution used to check users credentials. It works fine for two of my teammates, but on my PC I get an exception.
The relevant code:
PrincipalContext context = new PrincipalContext(ContextType.Domain); if (context.ValidateCredentials(System.Environment.UserDomainName + "\\" + usr, pwd)) return true; else return false;
And the exception is:
DirectoryOperationException, "The server cannot handle directory requests.".
I tried creating context with the explicit server name and the 636 port number, but this didn't help as well.
Any ideas?
-
Noich almost 11 yearsIf nothing else here helped you, perhaps see my last comment: stackoverflow.com/questions/3694919/…
-
-
Noich over 13 yearsMaybe I got something wrong here, but the hotfix is for .Net2, and as I use 3.5, I don't have the .Net2 SP1 installed, which made the hotfix angry :) About the quote - I saw it, but thanks a lot anyway!
-
Noich over 13 yearsOk, so it seems like the hotfix is not meant for win7 - SP1 can't be installed.
-
Noich over 13 yearsThe problem was that this code was getting a server dynamically, and so received a server that wasn't running Windows 2008. When getting a specific server that did run Win2008, everything started working again. Hurray!
-
JohnB over 13 yearsSo, using that Hotfix, or using Windows Server 2008 is the solution to that exception.
-
Kiquenet almost 11 yearsCan I do programatically in C# check the user of the app pool if this is running on IIS ?
-
fredw almost 11 yearsGet app pool user programmatically: stackoverflow.com/questions/10101162/…
-
Pilsator over 8 yearsThis should be marked as resolution. I experienced this exception on a simple test application (actually a small WPF program) which threw the exception only when connected to the destination domain through VPN. Whenever experiencing authentication problems using a VPN give ContextOptions.Negotiate a try.
-
Kiquenet over 7 yearsWhy reason using
ContextOptions.Negotiate
? -
pwDev over 7 years@Kiquenet As Brett Veenstra explains: ...".NET uses the following technologies by default: LDAP+SSL, Kerberos, then RPC. I suspect RPC is off in your network (good!) and Kerberos doesn't actually get used by .NET unless you explicitly tell it using ContextOptions.Negotiate"...
-
Kiquenet over 7 yearsIn the same server, I get the error
The server cannot handle directory requests
in a IIS website, but it's OK in another IIS website. The source code is the same (it's aTestAD.aspx
page). -
Bronumski over 6 yearsThis answer extends more than to just VS 2010, same issue with AspNet Core and Kestrel. I ported previously working code into a core project and the above resolved the issue for me.
-
Mike over 5 yearscode was working fine. then today I just started getting this error. Passing Negotiate did the trick.
-
dparker over 5 yearsI changed the identity of the app pool to use network service over local system. The code has been working fine for years and then this issue started to occur. See this link for more details social.msdn.microsoft.com/Forums/sqlserver/en-US/…
-
Caleb Seadon over 3 yearsWorked for me by switching to ApplicationPoolIdentity