Hi :-)
I'm having some trouble with LDAP and Active Directory on Win2k3
I use Windows Authentication and the code
System.Threading.Thread.CurrentPrincipal.Identity. Name gives me the correct
credentials when logged in.
When I create user in AD i get an error. I have 4 scenarioes - one work and
one don't. I'm very confused:
1) Does not work
- <identity impersonate="true"/in web.config
- No impersonating by code
- No credentials are sent together with LDAP string [new
DirectoryEntry("mypath")]
Error message: System.Runtime.InteropServices.COMException: An operations
error occurred.
- I can't read from AD
2) Does not work
- <identity impersonate="true"/in web.config
- No impersonating by code
- Credentials are sent together with LDAP string [new
DirectoryEntry("mypath", "username", "password", AuthenticationTypes.Secure);]
Error message: An operations error occurred
- I can read from AD
3) Does not work
- <identity impersonate="false"/in web.config
- I "code-imporsonates" with the _same credentials_ I use for login
- No credentials are sent together with LDAP string
Exception Details: The specified directory service attribute or value does
not exist.
- I can't read from AD
4) Works!
- <identity impersonate="false"/in web.config
- I "code-imporsonates" with the _same credentials_ I use for login
Credentials are sent together with LDAP string [new DirectoryEntry("mypath",
"username", "password", AuthenticationTypes.Secure);]
What is the difference between <identity impersonate="true"/in web.config
and manual code impersonation?
What is the correct approch for user to manage AD from asp.net loged in with
Windowd credentials ?
--
Jesus Loves You
