Ask a Question related to ASP.NET Security, Design and Development.
-
johnny #1
calling ADSI objects from WebApplication
Hello, I got this weird problem. I have an intranet application that needs to
communicate with Active directory. Authentication to Web application is done
by means of active directory accounts.
Now I have this code:
DirectoryEntry objDomain = new DirectoryEntry("LDAP://rootDse");
string domain = objDomain.Properties["defaultNamingContext"].Value.ToString();
DirectorySearcher ds = new DirectorySearcher();
ds.SearchRoot = new DirectoryEntry(string.Format("LDAP://{0}",domain));
ds.Filter = "(&(objectClass=group)(sAMAccountName=group_name)) ";
ds.SearchScope = SearchScope.Subtree;
SearchResult res = ds.FindOne();
When I run the application from any computer and authenticate as a user with
domain administrator privilege, everything works fine. When I authenticate as
a normal user, the application fails at the line
SearchResult res = ds.FindOne();
throwing this exception:
Text: An operations error occurred
Exception Details: System.Runtime.InteropServices.COMException: An
operations error occurred
Stack Trace:
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
System.DirectoryServices.DirectoryEntry.Bind() +10
System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +198
System.DirectoryServices.DirectorySearcher.FindOne() +31
To remind: This bunch of code is called from a library that is inside the GAC to
assert it's not considered as partially trusted code.
I have no idea where the problem could be. As a first thing I thought the
user doesn't have a privilege to communicate to AD, so I took this piece of
code and put it into a Windows application and ran it as a normal user. It
worked ok.
Does anybody have any idea what I should do? I'd be very grateful. Thanks in
advance.
johnny Guest
Joe Kaplan (MVP - ADSI) #2
Re: calling ADSI objects from WebApplication
It is a problem related to security context. Is your application set to
impersonate? Is it IIS5 or IIS6? What is the value of
System.Security.Principal.WindowsIdentity.GetCurrent().Name? Is that a
domain account?
One thing you can do to check this issue really quickly is add a domain name
or server to your binding strings, LDAP://mydomain.com/rootdse for example,
and specify credentials for your directory entry objects. If that fixes the
problem, then it is definitely an issue with your security context.
There is a good article here that discusses potential remedies, and this
problem has been discussed to death in this and other groups, so Google
should help you find some more info.
http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
Joe K.
Joe Kaplan (MVP - ADSI) Guest
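
The quick check suggested in the reply above, as an added example that is not code from either poster: it reports the identity a credential-less bind would use, then repeats the group search from the question against a named server with explicit credentials. The class and method names are hypothetical, and the server name (for example the mydomain.com of the reply), the service account and its password are assumed to be supplied by the caller.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

// Added example; class and method names are hypothetical, not from the thread.
public static class AdsiContextCheck
{
    // The Windows identity a credential-less ADSI bind runs as on this thread.
    public static string DescribeCurrentIdentity()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return string.Format("{0} (auth={1}, level={2})",
                id.Name, id.AuthenticationType, id.ImpersonationLevel);
    }

    // RFC 4515 escaping, needed if the group name ever comes from user input.
    static string EscapeFilterValue(string v)
    {
        return v.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                .Replace(")", "\\29").Replace("\0", "\\00");
    }

    // The search from the question, bound to a named server with explicit
    // credentials (assumed: a low-privilege service account whose password
    // the caller loads from protected configuration, never from source).
    public static string FindGroupPath(string server, string user,
                                       string password, string group)
    {
        string prefix = "LDAP://" + server + "/";
        using (DirectoryEntry rootDse = new DirectoryEntry(
            prefix + "RootDSE", user, password, AuthenticationTypes.Secure))
        {
            string nc = rootDse.Properties["defaultNamingContext"].Value.ToString();
            using (DirectoryEntry root = new DirectoryEntry(
                prefix + nc, user, password, AuthenticationTypes.Secure))
            using (DirectorySearcher ds = new DirectorySearcher(root))
            {
                ds.Filter = "(&(objectClass=group)(sAMAccountName="
                            + EscapeFilterValue(group) + "))";
                ds.SearchScope = SearchScope.Subtree;
                SearchResult res = ds.FindOne();   // null when no group matches
                return res == null ? null : res.Path;
            }
        }
    }
}
```

Log DescribeCurrentIdentity() from the failing request before calling FindGroupPath; if the search succeeds only with the explicit server and credentials, the failure comes from the security context of the request rather than from the query.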




