IIS 7/.NET 4 System.DirectoryServices: The (empty) search filter is invalid

This is a silly error, but it has caught me a couple of times.  Surprisingly, there doesn’t seem to be a blog anywhere that talks about this specific issue.

Situation: you have an ASP.NET 4+ application running on IIS 7.  You navigate to the page and get a server error:


Specifically, “The (&(objectCategory=user)(objectClass=user)(|(userPrincipalName=)(distinguishedName=)(name=))) search filter is invalid.”  Note that if you don’t have the pdb deployed, your source error will not show the actual error line, but rather “An unhandled exception was generated during the execution of the current web request.  Information regarding the origin and location of the exception can be identified using the exception stack trace below.”

This can be particularly vexing if the application works on your development machine, but not in production.

Cause: The LDAP lookup is failing because your directory requires authentication, and you’re running an anonymous session with a local computer account.

Fix: In IIS, turn off Anonymous Authentication and turn on Windows Authentication instead.
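The same fix can be scripted with the WebAdministration module and checked before and after. This is an added example, not part of the original post; the location `Default Web Site/MyApp` is a placeholder for your own site and application path, and the script assumes an elevated PowerShell session on the IIS server.

```powershell
# Added example. Requires the IIS management scripting tools and the
# Windows Authentication role service to be installed on the server.
Import-Module WebAdministration

$location = 'Default Web Site/MyApp'   # assumption: replace with your site/application
$base     = 'system.webServer/security/authentication'

function Get-AuthState {
    param([string]$Location)
    # Report whether each scheme is enabled for the given site/application.
    foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication') {
        $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                        -Filter "$base/$scheme" -Name 'enabled').Value
        [pscustomobject]@{ Location = $Location; Scheme = $scheme; Enabled = $enabled }
    }
}

'Before:'
Get-AuthState -Location $location | Format-Table -AutoSize

# These sections are locked in applicationHost.config by default, so the change
# is written there (-PSPath 'IIS:\' with -Location) instead of the app's web.config.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$base/anonymousAuthentication" -Name 'enabled' -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
    -Filter "$base/windowsAuthentication" -Name 'enabled' -Value $true

'After:'
Get-AuthState -Location $location | Format-Table -AutoSize
```

Running only the `Get-AuthState` part against production and development shows whether the two environments differ in exactly these settings.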