Heang #1
Re: DirectoryEntry - enum users/groups...
Hi,
Joe, Thank You for pointing me in the right direction.
My app now captures the user's password with a text box
and retrieves the user's username via their computer
network logon.
This works perfectly.
No impersonating.
No hardcoding of any user's password or username.
My trouble now is trying to delete a "contact" object.
According to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskremovingactivedirectorynodes.asp
There are two methods by which I can achieve this.
The first method is using DeleteTree:
Dim entry As New DirectoryEntry(DN, Username, txtPassword.Text)
entry.DeleteTree()
Which gives me System.UnauthorizedAccessException: Access
is denied.
I have tracked this down to something to do with username
ASPNET and the .NET configuration 1.1
The other method is to use Remove:
Dim entry As New DirectoryEntry(DN, Username, txtPassword.Text)
Dim entryToRemove As DirectoryEntry
' Add code here to set entryToRemove to the entry you want to remove.
entryToRemove.Path = DN
entryToRemove.Username = Username
entryToRemove.Password = txtPassword.Text
entry.Children.Remove(entryToRemove)
Which gives me: System.NullReferenceException: Object
reference not set to an instance of an object.
By the way, I know I have permission to create and delete
the particular contact object. This was tested a number of
times using MMC.
Could anyone please help point me in the right direction?
Thank You.
>-----Original Message-----
>In ASP.NET under Windows Integrated authentication, the logged on user's
>token is the token for the current request (impersonating) only when you
>have impersonation turned on in web.config (it is off by default). You need
>to add the <identity impersonate="true"/> tag.
>
>However, just because you are impersonating does not necessarily mean that
>you can make requests on the network using that identity. Unless the token
>you have is a primary logon token (which won't be true with Windows
>Integrated auth. as the password is not passed), then impersonation with a
>network call such as ADSI/S.DS will not work unless you have enabled
>delegation and the clients are binding via Kerberos like I said before.
>
>Because of the complexity of getting this to work reliably, we generally
>bypass the whole issue by using username and password for all of our S.DS
>binds. This requires us to store a secret password somewhere and is
>potentially less secure, but ends up being more robust. When we need to act
>as the current user, we capture their credentials via the web application UI
>and bind with those.
>
>Joe K.
>
>"Michael Ekegren" <"michael.ekegren[no-spam]"@netcompany.com> wrote in
>message news:3F091669.95C06735@netcompany.com...
>> I have written other ADSI based COM+ components in vb6. But due to
>> performance and stability of these components I have the feeling that
>> it would be a better approach to wrap the ADSI like calls in .Net code
>> using c#.
>>
>> Speaking identity for the entire application pool in .Net - if I switch to
>> another user for the identity of such, then other applications might
>> break. Therefore I'm not interested in that solution. In ASP when running
>> NT-authenticated users towards the webserver, that identity was also
>> executing code (if you needed to impersonate, COM+ was the only
>> option) - but this also seems like it is not the case in .Net?
>>
>> Best regards
>> Michael
>>
>> "Joe Kaplan (MVP - ADSI)" wrote:
>>
>> > This seems like it would be effective as well, but it
>> > would add a lot of complexity for someone trying to deploy a web server
>> > control. What would be the real advantage of going with a separate COM+
>> > component in this instance? I'm pretty naive about COM+, so I'd like to
>> > hear your opinion.
>> >
>> > Joe K.
>> >
>> > "Willy Denoyette [MVP]" <willy.denoyette@skynet.be> wrote in message
>> > news:uKk244zQDHA.2636@TK2MSFTNGP10.phx.gbl...
>> > >
>> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> > > wrote in message news:emcSJYlQDHA.560@TK2MSFTNGP10.phx.gbl...
>> > > > Another option you might be able to do would be to impersonate a
>> > > > specific user account via web.config by specifying a username and
>> > > > password in the identity element. That still has you hardcoding an
>> > > > account, but it may be your only solution.
>> > > >
>> > > A better solution would be to access the DS from a server type COM+
>> > > application running with fixed identity.
>> > >
>> > > Willy.
>
>.
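Added example, not part of the original post or of the MSDN article it cites: the Remove snippet above raises NullReferenceException because entryToRemove is declared but never assigned an instance. The sketch below binds to the parent container with the captured credentials and removes a child entry obtained from that container; RemoveContact, its parameters and the sample paths in the comments are hypothetical names, and it uses Try/Finally rather than Using so that it compiles on .NET 1.1.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Public Module ContactRemoval

    ' HRESULT for ERROR_DS_NO_SUCH_OBJECT ("There is no such object on the server").
    Private Const NoSuchObject As Integer = &H80072030

    ' parentPath: ADsPath of the container that holds the contact, for example
    '             "LDAP://OU=Contacts,DC=example,DC=com" (constructed value).
    ' childRdn:   relative name of the contact, for example "CN=Jane Doe"
    '             (constructed value).
    ' Returns True when the contact was removed, False when it does not exist.
    Public Function RemoveContact(ByVal parentPath As String, _
                                  ByVal childRdn As String, _
                                  ByVal username As String, _
                                  ByVal password As String) As Boolean
        ' Bind to the parent with the caller's credentials. Secure requests
        ' Kerberos/NTLM authentication instead of an LDAP simple bind.
        Dim parent As New DirectoryEntry(parentPath, username, password, _
                                         AuthenticationTypes.Secure)
        Dim child As DirectoryEntry = Nothing
        Try
            Try
                ' Find returns an instantiated child entry. Restricting the
                ' schema class to "contact" avoids removing another object
                ' type that happens to share the name.
                child = parent.Children.Find(childRdn, "contact")
            Catch ex As COMException
                If ex.ErrorCode = NoSuchObject Then
                    Return False
                End If
                ' Bind failures and access-denied errors are not swallowed.
                Throw
            End Try
            ' Remove must be called on the container the child belongs to.
            parent.Children.Remove(child)
            Return True
        Finally
            ' Release the underlying ADSI objects on every path.
            If Not child Is Nothing Then child.Dispose()
            parent.Dispose()
        End Try
    End Function

End Module
```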

