The following code IIS with WinXP SP2 but not on Windows 2003 SP1

<!-- Web.config -->
<authentication mode="Windows" />
<identity impersonate="true" />

<!-- Web.config -->

where Configurations.ADsUsersPath is
LDAP://domain.com/ou=Users,ou=Corporate,dc=domain,dc=com

ds = New DirectoryEntry(Configurations.ADsUsersPath)
' creates searcher object, set filter string ... tells searcher object to look
' this object in the active directory
dsSrch = New DirectorySearcher(ds)

' pull this information about the object (user object)
dsSrch.Filter = Configurations.ADsQuery ' "(&(objectClass=user)(objectCategory=person)(sAMAccountName=*))"
dsSrch.PropertiesToLoad.Add("sAMAccountName")
dsSrch.PropertiesToLoad.Add("mail")
dsSrch.PropertiesToLoad.Add("name")
dsSrch.PropertiesToLoad.Add("sn")
dsSrch.PropertiesToLoad.Add("givenName")
dsSrch.PropertiesToLoad.Add("telephoneNumber")
results = dsSrch.FindAll() ' commence search

On Windows 2003, "results = dsSrch.FindAll()" throws an exception:
"System.Runtime.InteropServices.COMException (0x8007200A): The specified
directory service attribute or value does not exist"

I know that it is a problem with the security because if I give a user id and
password to the ds object it works fine.

Does anyone know what I can do to get the above to work with impersonation?
Jul 22 '05 #1
Hi Marlon,

Welcome to MSDN newsgroup.
From your description, you get a security-related error when performing an
ADSI query (through the System.DirectoryServices components) in an ASP.NET
web application, yes?

As you mentioned that you've used impersonation in your web.config, I do
think that it's likely due to the asp.net's working process identity which
didn't have the sufficient permission. To confirm this, I suggest that we
try the following things first:

1. Log on as a powerful domain account (which has the sufficient permission
to query AD) and run the ADSI query code in a desktop/winform or
console app to see whether it works.

2. If #1 works, try using the
<identity impersonate="true" userName="..." password="..." /> to
explicitly specify a powerful user account to impersonate your asp.net app
and to see whether it works.

If the above all works, we can conclude that it's your web application's client
user (who is impersonated in your asp.net app) which doesn't have the
sufficient permission. Anyway, please check the above things first; if
anything is unclear, please feel free to post here.

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Marlon" <ya********@online.nospam>
| Subject: The following code IIS with WinXP SP2 but not on Windows 2003 SP1
| Date: Tue, 19 Jul 2005 10:58:27 -0400
| Newsgroups: microsoft.public.dotnet.general

Jul 22 '05 #2
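
An added example, not part of either post: a console program for step 1 of the reply that prints the account the code runs as, repeats the query from the question without explicit credentials, and reports the COM error code if the search fails. The module and function names are hypothetical; the LDAP path and filter are the values given in the question.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Module AdQueryCheck
    ' Path and filter as given in the question; replace with your own OU.
    Const UsersPath As String = "LDAP://domain.com/ou=Users,ou=Corporate,dc=domain,dc=com"
    Const Query As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=*))"

    ' Describes the security context that the LDAP bind will use.
    Function DescribeIdentity() As String
        Using current As WindowsIdentity = WindowsIdentity.GetCurrent()
            Return String.Format("{0} (auth={1}, level={2})", _
                current.Name, current.AuthenticationType, current.ImpersonationLevel)
        End Using
    End Function

    ' Runs the search with no explicit user name or password, as in the question.
    Function CountUsers() As Integer
        Using root As New DirectoryEntry(UsersPath)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = Query
                searcher.PropertiesToLoad.Add("sAMAccountName")
                Using results As SearchResultCollection = searcher.FindAll()
                    Return results.Count
                End Using
            End Using
        End Using
    End Function

    Sub Main()
        Console.WriteLine("Running as: " & DescribeIdentity())
        Try
            Console.WriteLine("Users found: " & CountUsers())
        Catch ex As COMException
            ' 0x8007200A is the code reported in the question.
            Console.WriteLine("COMException 0x{0:X8}: {1}", ex.ErrorCode, ex.Message)
        End Try
    End Sub
End Module
```

Calling the same DescribeIdentity() function from the ASP.NET page shows which account the request runs as under <identity impersonate="true" />, for comparison with the console result.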
