LDAP error using Windows Authentication in IIS7.0
I'm facing a problem with LDAP. My web server is IIS7.0 (Windows Server 2008 R2). It's configured to use Windows Authentication. I've pasted my ASP page below.

The web browser is IE8. I have added the website to the intranet zone and enabled "send user details if intranet zone" under Security tab -> Custom level. Integrated Windows Authentication is enabled in the Advanced tab.

Web application details: the Cluster control website and another website, which hosts the code below.

Application Name | Auth Type | Application pool | Application pool identity
Cluster control | Anonymous | Clustercontrol | Application pool identity
Mywebsite1 | Windows | MyWebsite1 | DNS account

Now, coming to the problem: if I try to access the website, I get the runtime error "method or property memberOf is not supported".

Suppose I change the authentication type to Basic authentication: it asks for credentials and signs in. Immediately after that, if I change the authentication type to Windows, it works fine from the VM browser. It works even after I restart the browser. But it works only for 20 min, since the application idle timeout is set to 20 min (I can see the WAS event log, which says application pool Website1 was closed due to inactivity for 20 min, and a new worker process will be created as and when it's needed). It also doesn't work if I restart the app pool immediately after I change to the Windows auth type.

If I try to access Website1 through Cluster control using localhost, it prompts for credentials and doesn't log in. But if I try to access the page below using localhost, it works perfectly. Can anyone suggest what exactly is going wrong here?
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit

Dim oADSysInfo
Dim objUser
Dim strGroupData
Dim strUserDN
Dim arrGroups
Dim strGroup
Dim wsObject
Dim netSys
Dim strUsrDomain

strGroupData = ""
Set wsObject = CreateObject("WScript.Shell")
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain
Set oADSysInfo = CreateObject("ADSystemInfo")
If err.number <> 0 Then
    'getLDAPGroupInfo = strGroupData
    'wsObject.popup("Error"& e.decription)
    'Exit Function
End If

' Distinguished name of the user the request is running as
strUserDN = oADSysInfo.UserName
' Bind to that user object in the directory and read its group membership
Set objUser = GetObject("LDAP://"& strUserDN)
arrGroups = objUser.memberOf

If IsEmpty(arrGroups) Then
    'Wscript.Echo "Member of no groups"
ElseIf (TypeName(arrGroups) = "String") Then
    'Wscript.Echo "Member of group " & arrGroups
    strGroupData = arrGroups
Else
    For Each strGroup In arrGroups
        strGroupData = strGroupData & "," & strGroup
    Next
    'strGroupData = arrGroups
End If

Response.Write(strGroupData)
%>
June 19th, 2012 3:25am

Now I can confirm that it's a "double-hop issue". Whatever problem I explained above was seen in the double-hop issue. Can anyone explain to me how to fix it? It could have been fixed if I had used ASPX, though. How can I fix it in classic ASP?
June 19th, 2012 4:02am

Hi Karthik,

Thanks for posting in Microsoft TechNet forums.

Here are some links which might be helpful while troubleshooting the double-hop issue:

The Double-Hop Problem
http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx

Double Hop and ASP.NET - a workaround.
http://weblogs.asp.net/avnerk/archive/2004/09/22/232967.aspx

IIS, Windows Authentication and the Double Hop issue
http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx

Regards
Kevin
TechNet Community Support
June 21st, 2012 3:59am

Thanks for your response. I employed a rather simple solution, as follows:

1. My application is running under a specific user identity (physical path credential and application pool identity set to the DNS account).
2. I created another page with the above code and ran it under the application pool identity, thereby creating a primary token key.
3. Using that key, I again connected to LDAP to query user-related info by calling the above code under a virtual directory having Windows authentication, thereby getting the user details.

Thanks for your help again.
June 29th, 2012 12:01pm

Hi Karthik,

Thanks for sharing your solution with us. Please feel free to create a new thread if you encounter other problems in the future.

Best Regards
Kevin
July 1st, 2012 9:51pm
