473,386 Members | 1,621 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > ldap connection & query works on xp, but not on 2003

Join Bytes to post your question to a community of 473,386 software developers and data experts.

LDAP connection & query works on XP, but not on 2003

Hello.

I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will perform
lookups based on the current user (integrated auth) to an LDAP server which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

But - the ldap query works flawlessly on my XP development machine (where I
am logged into the domain also).

What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)

I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or
some other windows 2003 config setting), when it is called. What leads me to
that conclusion is when I am debugging, I will not get that error when i rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that
line is unrem'd, the debugger never begins to debug - I get the error first.

using System.DirectoryServices;

........

DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry(LDAP://server:389/ou=People,o=site.org);
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup

Thanks much in advance for any ideas. Again, my code is good - it works on
my other box. It just doesn't run on the server.
Jul 21 '05 #1
3 4957
This has nothing to do with windows security, it's a Code Access Security
issue. Do you run this code from a networkshare perhaps?
If you do, you must change the CAS settings.

Willy.

"jeremy" <JJ@mailinator.com> wrote in message
news:%2***************@TK2MSFTNGP14.phx.gbl...
Hello.

I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will
perform
lookups based on the current user (integrated auth) to an LDAP server
which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

But - the ldap query works flawlessly on my XP development machine (where
I
am logged into the domain also).

What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)

I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or
some other windows 2003 config setting), when it is called. What leads me
to
that conclusion is when I am debugging, I will not get that error when i
rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that
line is unrem'd, the debugger never begins to debug - I get the error
first.

using System.DirectoryServices;

.......

DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry(LDAP://server:389/ou=People,o=site.org);
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup

Thanks much in advance for any ideas. Again, my code is good - it works on
my other box. It just doesn't run on the server.

Jul 21 '05 #2
Thanks for your help. I wasn't running from a network share, but based on
your reply, was able to come to a solution.

After reading this document -->
http://msdn.microsoft.com/library/de...l/secmod81.asp
and this document -->
http://msdn.microsoft.com/library/de...l/secmod82.asp
I ran some tests and came to the realization that I probably have to load
the dll into the GAC. I tinkered with the machine.config and added my own
custom security configuration files, but to no avail. There must be
something about the system.directoryservices dll that requires full access.
I wasn't able to figure out how to do that, so I tried the last resort -
gac. strong named it, and added the dll to the gac using the .NET
Configuration 1.1 snap-in. Restarted IIS and it worked. Will likely use this
solution when the project goes into production next week.

I hope this helps someone else who is running sharepoint (@ medium security)
and ASP.NET

Thanks for your help Willy. If you do have any other suggestions as to why /
how to add the System.DirectoryServices to some customized .config files, I
am all ears.
"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:#$**************@tk2msftngp13.phx.gbl...
This has nothing to do with windows security, it's a Code Access Security
issue. Do you run this code from a networkshare perhaps?
If you do, you must change the CAS settings.

Willy.

"jeremy" <JJ@mailinator.com> wrote in message
news:%2***************@TK2MSFTNGP14.phx.gbl...
Hello.

I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will
perform
lookups based on the current user (integrated auth) to an LDAP server
which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

But - the ldap query works flawlessly on my XP development machine (where I
am logged into the domain also).

What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)

I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or some other windows 2003 config setting), when it is called. What leads me to
that conclusion is when I am debugging, I will not get that error when i
rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that line is unrem'd, the debugger never begins to debug - I get the error
first.

using System.DirectoryServices;

.......

DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry(LDAP://server:389/ou=People,o=site.org);
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup

Thanks much in advance for any ideas. Again, my code is good - it works on my other box. It just doesn't run on the server.


Jul 21 '05 #3
>>There must be something about the system.directoryservices dll that requires full access.

To a certain degree - yes. You might want to post your question to the

microsoft.public.adsi.general

newsgroup - there are a number of very highly skilled AD / ASP.NET
programmers hanging out there who definitely knows this in depth. (I'm
not a ASP.NET guy, so I can't really help you myself).

Marc

================================================== ==============
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
Jul 21 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
LDAP Settings
by: sergio | last post by:
Hello I try to set my LDAP to accept query comming from a .asp aplication On windows 2000 , all works fine. The user logging in to my asp aplication is aut. by the AD LDAP Trying the same...
.NET Framework
1
ASP & LDAP
by: Enigma Webmaster | last post by:
We've had an ASP running for about 9 months which returns a full listing of network users (taken directly from AD), and it has now stopped working with the following; Provider Error '80004005'....
ASP / Active Server Pages
0
Using Novell (via LDAP?) to authenicate
by: Tim | last post by:
Hello, I'm trying very (too) hard to log uses LDAP (via ADSI) to autheniticate users in an A2k2 application. We have AD and I have that working slick. We are in a tranistion from NDS to AD and...
Microsoft Access / VBA
0
NDS authenication via LDAP
by: Tim | last post by:
Hello, I'm trying very (too) hard to log uses LDAP (via ADSI) to autheniticate users in an A2k2 application. We have AD and I have that working slick. We are in a tranistion from NDS to AD and...
Microsoft Access / VBA
5
asp.net and ldap
by: Bryan | last post by:
Hello, I have a asp.net app working with directory services on my Windows XP development machine. However when I moved the application over to our production server (Win 2000 Server) it no longer...
ASP.NET
3
LDAP connection & query works on XP, but not on 2003
by: jeremy | last post by:
Hello. I have an asp.net application that resides on a non-DC / BDC Sharepoint Server (although it is logged into the domain). The application will perform lookups based on the current user...
.NET Framework
2
LDAP Authentication fails on Web Application
by: Anbu | last post by:
Sorry for cross posting the query. But I need a resolution as early as possible. I have developed an application to authenticate the user based on LDAP Search and authentication. The Windows...
ASP.NET
2
LDAP Query - Not working *sometimes*
by: HamishC | last post by:
Hi all, I have been knocking my head against this one for a few days -- haven't been able to find a solution to this anywhere so hopefully someone can help. Situation: A really simple LDAP that...
ASP / Active Server Pages
7
ASP LDAP Query working on localhost but not webserver
by: MrHelpMe | last post by:
Sorry everyone, NOTE: I have posted this question to another site but unfortunately, am not getting the answers I need only because those helping haven't worked with ASP. I am in desperate...
ASP / Active Server Pages
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!