LDAP connection & query works on XP, but not on 2003

Hello.

I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will perform
lookups based on the current user (integrated auth) to an LDAP server which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

But - the ldap query works flawlessly on my XP development machine (where I
am logged into the domain also).

What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)

I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or
some other windows 2003 config setting), when it is called. What leads me to
that conclusion is when I am debugging, I will not get that error when I rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that
line is unrem'd, the debugger never begins to debug - I get the error first.

using System.DirectoryServices;

........

DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry("LDAP://server:389/ou=People,o=site.org");
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup

Thanks much in advance for any ideas. Again, my code is good - it works on
my other box. It just doesn't run on the server.
Jul 21 '05 #1
This has nothing to do with windows security, it's a Code Access Security
issue. Do you run this code from a network share perhaps?
If you do, you must change the CAS settings.

Willy.
Jul 21 '05 #2
Thanks for your help. I wasn't running from a network share, but based on
your reply, was able to come to a solution.

After reading this document -->
http://msdn.microsoft.com/library/de...l/secmod81.asp
and this document -->
http://msdn.microsoft.com/library/de...l/secmod82.asp
I ran some tests and came to the realization that I probably have to load
the dll into the GAC. I tinkered with the machine.config and added my own
custom security configuration files, but to no avail. There must be
something about the system.directoryservices dll that requires full access.
I wasn't able to figure out how to do that, so I tried the last resort -
gac. strong named it, and added the dll to the gac using the .NET
Configuration 1.1 snap-in. Restarted IIS and it worked. Will likely use this
solution when the project goes into production next week.

I hope this helps someone else who is running sharepoint (@ medium security)
and ASP.NET

Thanks for your help Willy. If you do have any other suggestions as to why /
how to add the System.DirectoryServices to some customized .config files, I
am all ears.
Jul 21 '05 #3
>>There must be something about the system.directoryservices dll that requires full access.

To a certain degree - yes. You might want to post your question to the

microsoft.public.adsi.general

newsgroup - there are a number of very highly skilled AD / ASP.NET
programmers hanging out there who definitely know this in depth. (I'm
not an ASP.NET guy, so I can't really help you myself).

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
Jul 21 '05 #4
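
An added example, not code from the thread or from Microsoft's documentation: one way to apply the GAC approach from post #3 while the web application itself stays at medium trust is to put only a small strong-named wrapper in the GAC and let it assert the directory permission for one fixed lookup. The class name, the uid attribute and the 64-character limit are assumptions; the LDAP path is the one quoted in the thread, and the code targets the .NET Framework 1.1 Code Access Security model.

```csharp
using System;
using System.DirectoryServices;
using System.Security;
using System.Security.Permissions;
using System.Text;

// Allows medium-trust callers to link against this strong-named, GAC-installed assembly.
[assembly: AllowPartiallyTrustedCallers]

public sealed class PeopleDirectory // hypothetical name
{
    // Chosen by the wrapper, never by the caller (path as quoted in the thread).
    private const string Root = "LDAP://server:389/ou=People,o=site.org";

    private PeopleDirectory() { }

    // Returns the ADsPath of the entry whose uid matches, or null if none does.
    // The uid attribute is an assumption about this directory's schema.
    public static string FindUserPath(string uid)
    {
        if (uid == null || uid.Length == 0 || uid.Length > 64)
            throw new ArgumentException("uid is missing or too long", "uid");

        // Assert stops the CAS stack walk here, so the partially trusted page
        // above us is not checked; what it can reach is limited to Root.
        new DirectoryServicesPermission(PermissionState.Unrestricted).Assert();
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(Root))
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                root.AuthenticationType = AuthenticationTypes.None;
                searcher.Filter = "(uid=" + EscapeFilter(uid) + ")";
                SearchResult hit = searcher.FindOne();
                return hit == null ? null : hit.Path;
            }
        }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    // Escapes LDAP filter metacharacters (\ * ( ) NUL) so uid cannot alter the query.
    private static string EscapeFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }
}
```

Because the assert vouches for every caller, the wrapper exposes no way to pass in a path, credentials or a raw filter.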
