D
dln
I'm a bit new to developing web applications and I've run up against a
security issue that perhaps someone could shed some light on. Basically,
I'm trying to develop a web interface that allows certain members of our
organization to administer distribution groups in a specific OU in Active
Directory.
So far, I've been able to set up the web app to query AD objects (users,
groups and contacts to be specific). However, I can not seem to use the web
interface to create new groups. After creating a new group using the
DirectoryEntry class, I attempt to commit my changes by calling the
DirectoryEntry object's CommitChanges method and it is at this point that my
web app throws an exception that reads "General access denied error".
What's confusing me is that if I run the exact same code in a stand-alone
application, the group is created with no errors. When I check the web
app's User object, I am running the application as a user that has full
administrative access for the domain (it's the same account the stand-alone
app is running under). When running a web app, are operations on the web
server run under the security context of the user ID the web application is
running under or are they executed under the context of the account the web
server is running under? Does anybody have any suggestions?
Thanks.
security issue that perhaps someone could shed some light on. Basically,
I'm trying to develop a web interface that allows certain members of our
organization to administer distribution groups in a specific OU in Active
Directory.
So far, I've been able to set up the web app to query AD objects (users,
groups and contacts to be specific). However, I can not seem to use the web
interface to create new groups. After creating a new group using the
DirectoryEntry class, I attempt to commit my changes by calling the
DirectoryEntry object's CommitChanges method and it is at this point that my
web app throws an exception that reads "General access denied error".
What's confusing me is that if I run the exact same code in a stand-alone
application, the group is created with no errors. When I check the web
app's User object, I am running the application as a user that has full
administrative access for the domain (it's the same account the stand-alone
app is running under). When running a web app, are operations on the web
server run under the security context of the user ID the web application is
running under or are they executed under the context of the account the web
server is running under? Does anybody have any suggestions?
Thanks.