Add New Users

Hi Tina:

Yes, this is a permissions issue. As a console app the code will send
your credentials to AD server, but when running under ASP.NET the code
executes under the local machine account ASPNET (or NETWORK SERVICE if
you are running asp.net on Win2003).

There are several possible solutions, one of which is to use
impersonation with a username and password in web.config.
http://msdn.microsoft.com/library/de...ersonation.asp

You might pick to run under a domain account with as limited
permissions as possible on the AD server.

--
Scott
http://www.OdeToCode.com/blogs/scott/
On Mon, 21 Feb 2005 13:58:15 -0500, "Tina Smith"
<tb******@earthlink.net> wrote:

This sample code works perfectly in Console App. It will fail on the
Children.Add line when running the same code in a Web App. I'm assuming
it's a permissions issue but I can't see to solve it. Any help would be
appreciated.

----------------------------------------------------------------------------
--------------
Imports System.DirectoryServices
Module Module1

Sub Main()
Try
Dim AD As DirectoryEntry = _
New DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")
Dim NewUser As DirectoryEntry = AD.Children.Add("TestUser1", "user")
NewUser.Invoke("SetPassword", New Object() {"#12345Abc"})
NewUser.Invoke("Put", New Object() {"Description", "Test User from
.NET"})
NewUser.CommitChanges()
Dim grp As DirectoryEntry

grp = AD.Children.Find("Guests", "group")
If grp.Name <> "" Then
grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
End If

Catch ex As Exception
End Try
End Sub

End Module

Most likely, your ASP.NET app is set up for anonymous access. If so, there
are a couple of ways to accomplish what you want.

1. Make the page so it is not available for the anonymous user. This forces
a logon and gives you the right to create the child (assuming domain admin
priveleges).

2. Put the above code in its own assembly and place it in a place where
impersonation of an account with priveleges is possible. COM+ is the easiest
option, as it is declarative (note a minor perf issue, as you are entering
Interop). Watch who has access to this page, however, as you have opened the
keys to the kingdom.

3. Shut off anon access to the site. This accomplishes the same as #1.

4. Create a separate process to do the work and fire it off using the
Process object. Note that this can still fail due to code access security,
which can be changed by altering current profiles or creating a new profile.

The issue here is you are running as you with a script, but as ASPNET when
you hit the page.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Tina Smith" wrote:

This sample code works perfectly in Console App. It will fail on the
Children.Add line when running the same code in a Web App. I'm assuming
it's a permissions issue but I can't see to solve it. Any help would be
appreciated.

----------------------------------------------------------------------------
--------------
Imports System.DirectoryServices
Module Module1

Sub Main()
Try
Dim AD As DirectoryEntry = _
New DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")
Dim NewUser As DirectoryEntry = AD.Children.Add("TestUser1", "user")
NewUser.Invoke("SetPassword", New Object() {"#12345Abc"})
NewUser.Invoke("Put", New Object() {"Description", "Test User from
..NET"})
NewUser.CommitChanges()
Dim grp As DirectoryEntry

grp = AD.Children.Find("Guests", "group")
If grp.Name <> "" Then
grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
End If

Catch ex As Exception
End Try
End Sub

End Module