Ahh okay I see.
So you're testing LDAP auth here:
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
And that's fine, you establish the authenticated connection. But then you try and build the searcher for groups like this:
    DirectorySearcher search = new DirectorySearcher(_path);
You've dropped the authenticated connection and now you're trying to pass in _path, creating a second unauthenticated connection, instead of an authenticated DirectoryEntry.
Ideally you would store "entry" and use that.
e.g.
    namespace FormsAuth
    {
        public class LdapAuthentication
        {
            public DirectoryEntry _entry;
            <snip>
            public bool IsAuthenticated(string domain, string username, string pwd)
            {
                <snip>
                //Update the new path to the user in the directory.
                _filterAttribute = (string)result.Properties["cn"][0];
                _entry = result.GetDirectoryEntry();
            }
Then if you're authenticated you can pull the memberOf attribute from the DirectoryEntry rather than searching again in GetGroups:
    // I think... not tested
    // Properties[...] returns a PropertyValueCollection, not a string[]
    PropertyValueCollection memberOf = _entry.Properties["memberof"];
Chris
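
The approach suggested in the message above, written out as an added example (not code from the original thread, and not run against a live directory). It keeps the bound DirectoryEntry and uses it as the search root for the group lookup. The sAMAccountName filter, the constructor and the EscapeFilter helper are assumptions introduced for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace FormsAuth
{
    public class LdapAuthentication
    {
        private readonly string _path;   // LDAP path supplied by the caller
        private DirectoryEntry _entry;   // authenticated entry, kept for later searches

        public LdapAuthentication(string path) { _path = path; }

        public bool IsAuthenticated(string domain, string username, string pwd)
        {
            var entry = new DirectoryEntry(_path, domain + @"\" + username, pwd);
            try { object bind = entry.NativeObject; }   // forces the bind to happen now
            catch (COMException) { entry.Dispose(); return false; }   // bind failed
            _entry = entry;
            return true;
        }

        public IList<string> GetGroups(string username)
        {
            if (_entry == null) throw new InvalidOperationException("Call IsAuthenticated first.");
            // The search root is the authenticated entry, not the bare path string.
            using (var search = new DirectorySearcher(_entry))
            {
                search.Filter = "(sAMAccountName=" + EscapeFilter(username) + ")";   // attribute is an assumption
                search.PropertiesToLoad.Add("memberOf");
                SearchResult result = search.FindOne();
                var groups = new List<string>();
                if (result == null) return groups;
                foreach (object dn in result.Properties["memberOf"])
                    groups.Add((string)dn);   // each value is a group distinguished name
                return groups;
            }
        }

        // RFC 4515 escaping so the user name cannot change the structure of the filter.
        private static string EscapeFilter(string s)
        {
            return s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                    .Replace(")", "\\29").Replace("\0", "\\00");
        }
    }
}
```

In Active Directory, memberOf holds direct memberships only; the primary group and nested groups are not included, so an authorization check that depends on them needs a further lookup.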