I have made a web application, which reads/writes from/to Active Directory. In my web.config file there is <identity impersonate="true"/> and <authentication mode="Windows"/>. When I display System.Web.HttpContext.Current.User.Identity.Name in some label, it shows mydomain\myusername, so I think impersonation works.

Now to the question. When I access the application on the server, where the IIS web server is running, everything works great. But when I access the web application from a remote PC, I get an exception (the label still shows "mydomain\myusername").

I have traced the problem down. In the code behind when I call

Forest currentForest = Forest.GetCurrentForest();

the variable currentForest knows its currentForest.Name, currentForest.RootDomain or currentForest.ForestMode, but any call to currentForest.Domains, currentForest.Sites or currentForest.GlobalCatalogs results in System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException.

Now I'm lost and don't know what to debug further. The account I'm using is a member of Enterprise Admins (multi-domain forest). I have tried it on two different servers with different IIS versions (IIS 7.5 and IIS 6.0) with no luck.

And the thrown exception isn't of much help:

Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

DirectoryServicesCOMException (0x80072020): An operations error occurred.
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
   System.DirectoryServices.DirectoryEntry.Bind() +44
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +98
   System.DirectoryServices.ActiveDirectory.ADSearcher.FindAll() +46
   System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +543

[ActiveDirectoryOperationException: An operations error occurred.]
   System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +512484
   System.DirectoryServices.ActiveDirectory.Forest.get_Domains() +44
   myWebApp.ASPpage.Button_Click(Object sender, EventArgs e) in C:\Documents and Settings\myUser\documents\visual studio\Projects\MyWebApp\MyWebApp\ASPPage.aspx.cs:158
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981

EDIT: If it is not obvious, I want to use currentForest.Domains to search the whole forest (all domains) for a user given by UPN name.