ASP.NET Role Manager Provider

Definitely sounds like a permissions issue - so i think you're on the right track. Are you using asp.NET ? If so, try checking the user authentication in your web.config.

Also, what error does it give you?

Sincerely,
Mark

It's definitely a permissions issue and yes I'm using ASP.NET. If I set in the web.config file to impersonate and also assign it a username and password that is part of the Roles, it allows people to login but it also gives them full access to the site since the user that it is impersonating has full rights. Also I'm using Forms Authentication against Active Directory. This is the error I get when I take impersonation off Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) which I know is due to the fact that access to the website is denied but it gives it to everybody even the people that are supposed to have access. I know if you have impersonate on it will impersonate the anonymous user account which is not what I want. Is there a way to have ASP pull the username and password and then impersonate that user, if that makes any sense. I followed everything on setting up ASP to authenticate against Active Directory and using AzMan roles, works great in development but not in production. Wish there was a way to see what credentials it's using to validate against the roles. I appreciate any help. Thank you.

This forum is for classic asp so you'll find it difficult to get the help you need. I'm no expert in .net but I did some searching around regardless...

I found one resource that may help you

http://forums.microsoft.com/MSDN/Sho...52850&SiteID=1

In the meantime, I'll contact a mod to have this thread moved to the .net forum where the resident experts there will be able to help you much more than we can.

Good luck!
Sincerely,
Mark

It's definitely a permissions issue and yes I'm using ASP.NET. If I set in the web.config file to impersonate and also assign it a username and password that is part of the Roles, it allows people to login but it also gives them full access to the site since the user that it is impersonating has full rights. Also I'm using Forms Authentication against Active Directory. This is the error I get when I take impersonation off Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) which I know is due to the fact that access to the website is denied but it gives it to everybody even the people that are supposed to have access. I know if you have impersonate on it will impersonate the anonymous user account which is not what I want. Is there a way to have ASP pull the username and password and then impersonate that user, if that makes any sense. I followed everything on setting up ASP to authenticate against Active Directory and using AzMan roles, works great in development but not in production. Wish there was a way to see what credentials it's using to validate against the roles. I appreciate any help. Thank you.

Okay I've been working on this issue some more. I moved the website to our web server that would be running the website. I can login with a user thats part of the domain admins group, and it authorizes the person with no problems, but if I use another user that should have the same access rights as the Domain Admins which is part of the Managers group in the AzMan xml file, it will fail with the same error above. Is there anyway to see what file it's trying to access that it's being denied access too. I look in the event log and it shows that it AUthenicated the user but when it tries to redirect to the default url after authentication it fails. I get an event code of 4011 which I've researched and can't find anything really specific to my problem. I also tried the DCOM fix as described earlier but it didn't change anything. I've posted the Exception that it throws below. Can someone please help. Thank you.


Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))]

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters) +0
System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams) +436
System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args, CultureInfo culture) +31
System.Web.Security.AuthorizationStoreRoleProvider .CallMethod(Object objectToCallOn, String methodName, Object[] args) +178
System.Web.Security.AuthorizationStoreRoleProvider .GetClientContextFromName(String userName) +146
System.Web.Security.AuthorizationStoreRoleProvider .GetClientContext(String userName) +73
System.Web.Security.AuthorizationStoreRoleProvider .GetRolesForUserCore(String username) +54
System.Web.Security.AuthorizationStoreRoleProvider .GetRolesForUser(String username) +68
System.Web.Security.RolePrincipal.IsInRole(String role) +272
System.Web.Configuration.AuthorizationRule.IsTheUs erInAnyRole(StringCollection roles, IPrincipal principal) +120
System.Web.Configuration.AuthorizationRule.IsUserA llowed(IPrincipal user, String verb) +300
System.Web.Configuration.AuthorizationRuleCollecti on.IsUserAllowed(IPrincipal user, String verb) +191
System.Web.Security.UrlAuthorizationModule.OnEnter (Object source, EventArgs eventArgs) +2246676
System.Web.SyncEventExecutionStep.System.Web.HttpA pplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +64




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

[quote=Sartuche24]Okay I've been working on this issue some more. I moved the website to our web server that would be running the website...

Sartuche,

I'm having this same problem. Were you able to find a solution?

Thanks,
Greg

Unfortunately I never found an answer to this, I asked around on several other forums to no avail. I developed a way of querying AD Groups and then using the ASPNET DB for roles, if a user is in a Specific groups they will be associated with certain roles that I have set aside and so far it's been working like a charm.