List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] [OU] ASP.Net 2.0 Impersonation - DirectoryEntry

Prev Next

You are not authorized to post a reply.

Author

Messages

bbernie1@xxxx.yyy

05/12/2006 7:41 AM
This is way off topic, but I need a sanity check and the only other place to turn is the wall left of me. Background: Writing lots of tools in ASP.Net 2.0 on a R2 Enterprise Server. For my website I turn off Anonymous Access and enable Windows Authentication. After that I ACL the website directory with the appropriate administrator group that uses these tools. Issue: I keep getting access denied when I go to execute any directory query. IIS has the user credential, unlike classic ASP you now need to either enable impersonation in your web.config or manually change thread context when needed. I've verified that its getting the correct Windows Principal, but it only executes correctly if I hardcode that ID into my web.config. Funny thing is that the bind is done as Network Service (my app pool id). Something is fishy here...Here is a tidbit of code that fails and my web.config btw- Anyone know a good IIS forum that has the same level of masterminds that ActiveDir has? -Brandon Code behind snippet try { DirectoryEntry objOU = new DirectoryEntry("LDAP://" + m_strOU); DirectoryEntry objComputer = objOU.Children.Add(String.Concat("CN=", m_strComputerName), "computer"); objComputer.Properties["samAccountName"].Add(String.Concat(m_strComputerName + "$")); objComputer.CommitChanges(); objComputer.Close(); objComputer.Dispose(); } Web.config

bdesmond

Posts:996

05/12/2006 10:10 AM
Print out Thread.CurrentPrincipal to make sure it works. www.asp.net has a AD programming section that is good. Thanks, Brian Desmond brian@xxxxxxxxxxxxxxxx c - 312.731.3132 From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Bernier, Brandon (.) Sent: Friday, May 12, 2006 3:38 PM To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: [ActiveDir] [OU] ASP.Net 2.0 Impersonation - DirectoryEntry This is way off topic, but I need a sanity check and the only other place to turn is the wall left of me. Background: Writing lots of tools in ASP.Net 2.0 on a R2 Enterprise Server. For my website I turn off Anonymous Access and enable Windows Authentication. After that I ACL the website directory with the appropriate administrator group that uses these tools. Issue: I keep getting access denied when I go to execute any directory query. IIS has the user credential, unlike classic ASP you now need to either enable impersonation in your web.config or manually change thread context when needed. I've verified that its getting the correct Windows Principal, but it only executes correctly if I hardcode that ID into my web.config. Funny thing is that the bind is done as Network Service (my app pool id). Something is fishy here...Here is a tidbit of code that fails and my web.config btw- Anyone know a good IIS forum that has the same level of masterminds that ActiveDir has? -Brandon Code behind snippet try { DirectoryEntry objOU = new DirectoryEntry("LDAP://" + m_strOU); DirectoryEntry objComputer = objOU.Children.Add(String.Concat("CN=", m_strComputerName), "computer"); objComputer.Properties["samAccountName"].Add(String.Concat(m_strComputerName + "$")); objComputer.CommitChanges(); objComputer.Close(); objComputer.Dispose(); } Web.config

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] [OU] ASP.Net 2.0 Impersonation - DirectoryEntry

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads