Impersonation approach is the only choice you have.
I don't know if ADSI has a syntax to allow you to pass username/password for
the ADSI call, but if it does, it can be an "alternative".
Otherwise, you have no choice since:
1. ADSI needs a valid user identity
2. ASP only executes code with an impersonated identity from authentication
This means that:
1. if you configure authentication in IIS, the remote user identity is used
to execute code - which may not have permissions to Active Directory - hence
you need to modify the user somehow, either via an object that temporarily
changes the Impersonation token, or if ADSI allows a username/password to be
passed.
2. if you do not configure authentication in IIS and just use anonymous,
then the configured anonymous user account is used to execute code - which
can be configured to have permissions to Active Directory. But there is no
user authentication.
In other words, with ASP, there is no such thing as:
1. Authenticate using a Windows user account
2. Run code using another user account
-> Unless you use a custom component to perform #2
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"CJM" <cj*******@newsgroup.nospam> wrote in message
news:u5**************@TK2MSFTNGP09.phx.gbl...
"David Wang [Msft]" <so*****@online.microsoft.com> wrote in message
news:u2**************@TK2MSFTNGP11.phx.gbl... The VB ActiveX object is 32bit. The OS is 64bit. The different "bitness"
are incompatible if attempting to run them in the same process (which you
need to do in order to change the impersonation token).
Your choices are to either:
1. Configure IIS on XP64 to run in 32bit WOW64 compatibility mode.
adsutil set W3SVC/Enable32BitAppOnWin64 1
Changing bitness can obviously cause other failures if you have code
running on IIs that must be 64bit. Search my blog for "WOW64" or "64bit"
for an understanding of the issue
2. Recompile a 64bit version of the ActiveX object (probably have to do
it in C++ - there is no such thing as 64bit VB) and run everything as
native 64bit.
Thanks David...
Option 2 seems preferable... I do have a copy of C++ but unfortunately I
have zero knowledge of the language, so it would be very difficult for me
to do off my own back. Is there an equivalent KB article that provides the
C++ code?
Option 1 is obviously a possibility. Switching to 32bit wont be a problem
at the moment, but you never know in the future. Plus we will be slowly
migrating to 64bit servers, and I might not have as much control over
these - these may need to run some 64bit code.
Is there an alternative to this whole impersonation technique?
Thanks
