The following code IIS with WinXP SP2 but not on Windows 2003 SP1

M

Marlon

<! -- Web.config-->
<authentication mode="Windows" />
<identity impersonate="true" />

<! -- Web.config-->

where Configurations.ADsUsersPath is
LDAP://domain.com/ou=Users,ou=Corporate,dc=domain,dc=com

ds = New DirectoryEntry(Configurations.ADsUsersPath)
'creates searcher object, set filter string ... tells seacher object to look
this object in the active directory
dsSrch = New DirectorySearcher(ds)

' pull this information about the object (user object)
dsSrch.Filter = Configurations.ADsQuery ''
"(&(objectClass=user)(objectCategory=person)(sAMAccountName=*))"
dsSrch.PropertiesToLoad.Add("sAMAccountName")
dsSrch.PropertiesToLoad.Add("mail")
dsSrch.PropertiesToLoad.Add("name")
dsSrch.PropertiesToLoad.Add("sn")
dsSrch.PropertiesToLoad.Add("givenName")
dsSrch.PropertiesToLoad.Add("telephoneNumber")
results = dsSrch.FindAll() ' commence search

on windows 2003 "results = dsSrch.FindAll()" throws an exception "
System.Runtime.InteropServices.COMException (0x8007200A): The specified
directory service attribute or value does not exist "

I know that it is problem with the security because if give user id and
password to the ds object it works fine.

Does anyone know what I can do get the above to work with impersonation?
 
S

Steven Cheng[MSFT]

Hi Marlon,

Welcome to MSDN newsgroup.
From your description, you get a security related error when performing
ADSI query (through the System.DirectoryServices components) in ASP.NET
webapplication, yes?

As you mentioned that you've used impersonation in your web.config, I do
think that it's likely due to the asp.net's working process identity which
didn't have the sufficent permission. To confirm this, I suggest that we
try the following things first:

1. Logon as a powerful domain account (which has the sufficient permission
to query AD) and running those ADSI quer code in a desktop/winform or
console app to see whether it works.

2. If #1 works, try using the
<identity impersonate="true" userName="..." password="..." /> to
explicitly specify a powerful user account to impersonate your asp.net app
and to see whether it works.

If the above all works, we can get that it's your web appcliation 's client
user (whom is impersonated in your asp.net app) which dosn't have the
sufficient permission. Anyway, please check the above things first , if
there're any thing unclear, please feel free to post here.

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)








--------------------
| From: "Marlon" <[email protected]>
| Subject: The following code IIS with WinXP SP2 but not on Windows 2003 SP1
| Date: Tue, 19 Jul 2005 10:58:27 -0400
| Lines: 35
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.general
| NNTP-Posting-Host: ewimail2.exhibitworks.com 209.131.15.66
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:46345
| X-Tomcat-NG: microsoft.public.dotnet.general
|
| <! -- Web.config-->
| <authentication mode="Windows" />
| <identity impersonate="true" />
|
| <! -- Web.config-->
|
| where Configurations.ADsUsersPath is
| LDAP://domain.com/ou=Users,ou=Corporate,dc=domain,dc=com
|
| ds = New DirectoryEntry(Configurations.ADsUsersPath)
| 'creates searcher object, set filter string ... tells seacher object to
look
| this object in the active directory
| dsSrch = New DirectorySearcher(ds)
|
| ' pull this information about the object (user object)
| dsSrch.Filter = Configurations.ADsQuery ''
| "(&(objectClass=user)(objectCategory=person)(sAMAccountName=*))"
| dsSrch.PropertiesToLoad.Add("sAMAccountName")
| dsSrch.PropertiesToLoad.Add("mail")
| dsSrch.PropertiesToLoad.Add("name")
| dsSrch.PropertiesToLoad.Add("sn")
| dsSrch.PropertiesToLoad.Add("givenName")
| dsSrch.PropertiesToLoad.Add("telephoneNumber")
| results = dsSrch.FindAll() ' commence search
|
| on windows 2003 "results = dsSrch.FindAll()" throws an exception "
| System.Runtime.InteropServices.COMException (0x8007200A): The specified
| directory service attribute or value does not exist "
|
| I know that it is problem with the security because if give user id and
| password to the ds object it works fine.
|
| Does anyone know what I can do get the above to work with impersonation?
|
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DirectorySearcher works locally in VS2005 but not on webserver 4
Problem updating Active Directory from code 1
Active Directory searches 1
Problem interfacing with Active Directory 4
Problem with DirectorySearcher 1
"Sudden" Active Directory error on ASP.NET 9
csvde with windows server 2003 1
LDAP lookup: fails on remote computers -- Please help 3

Top