ASP.NET newbie needs to understand how impersonation works (with AD)

Hi,

I've read countless posts on this and I just can't get my page to work.  Quite simply, I have the following code on a webpage that creates a security group in AD.

 

 

        Dim SoftName As String = Me.txtInput.Text
        Dim dirEntry As New DirectoryEntry("LDAP://OU=Software,OU=Groups,OU=BEBRU," & Me.strRootDomain)

        Dim entries As DirectoryEntries = dirEntry.Children

        Dim InstallGroupString As String = "HH SWES GG " & SoftName
        Dim UnInstallGroupString As String = "HH SWES GG " & SoftName & " Uninstall"

        Dim group As DirectoryEntry = dirEntry.Children.Add("cn=" + InstallGroupString, "group")
        group.Properties("sAMAccountName").Value = InstallGroupString
        group.CommitChanges()

  

If I run that code locally, say in a normal forms project, it works fine.  However, as soon as I put it in a webpage on a remote server and access it from my machine's browser, I get an error on the dirEntry.Children.Add line.  It's obviously a permissions issue because if I hard-code my userId and password when dirEntry is instantiated it works.

What I want is that, when the code is run, it uses the credentials of the person accessing the page and, if I have understood correctly, that should be possible with impersonation but I'm somewhat confused as to what needs to be configured where.  In IIS I have the website set to "integrated windows authentication" and impersonation set to False in web.config but it makes no difference.

What do I need to do to have the webpage say "Hey.  This is Ginolard accessing this page, he's OK, he's a domain admin, he can create the group".  

Oh, hard-coding the userID and password anywhere (in code or the web.config) is NOT an option.  The management would flip.

0
Ginolard
2/5/2008 9:34:05 AM

3 Replies
150 Views


This link might help in understanding impersonation

http://www.vikramlakhotia.com/AspNet_and_Impersonation.aspx


Vikram
www.vikramlakhotia.com


Please mark the answer if it helped you
0
vik20000in
2/5/2008 10:34:39 AM

Thanks but that's one of the sites I've read in the past.  I've tried setting impersonate to True but I still get an error on the same line.

 

Line 217:        Dim UnInstallGroupString As String = "HH SWES GG " & SoftName & " Uninstall"
Line 218:
Line 219: Dim group As DirectoryEntry = dirEntry.Children.Add("cn=" + InstallGroupString, "group")
Line 220: group.Properties("sAMAccountName").Value = InstallGroupString
Line 221: group.CommitChanges()

Source File: C:\Inetpub\Altiris_Portal\Index.aspx.vb    Line: 219

Stack Trace:

[COMException (0x80072020): An operations error occurred.
]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +451
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_IsContainer() +31
System.DirectoryServices.DirectoryEntries.CheckIsContainer() +13
System.DirectoryServices.DirectoryEntries.Add(String name, String schemaClassName) +13
Test.Button2_Click(Object sender, EventArgs e) in C:\Inetpub\Altiris_Portal\Index.aspx.vb:219
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

 

0
Ginolard
2/5/2008 11:17:46 AM

I have done something similar:

1. Create an AD group that has authority to create groups; add users to this group.

2. Have a service account that you could use to create groups. In your directory entry, set the userid/pwd to this service account.

Validate that users are members of group #1 before allowing them to create groups. A little roundabout; in my situation AD maintenance works better with the infrastructure group.

The way I understand it, you need to have complete credentials: web.config will authenticate the userid/pwd, but we need a different mechanism to hold this "authenticated token" for AD manipulation. I might not be 100% correct here.
 

 



0
raghu1
2/5/2008 3:10:06 PM
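
Added example, not part of the original thread or any poster's code: a VB.NET sketch of the pattern in the last reply (authorise the Windows-authenticated caller by group membership, then let a service account perform the write). It assumes the application pool runs as a service account that has been delegated rights to create groups in the target OU, that web.config keeps `<identity impersonate="false" />`, and that the project references System.DirectoryServices; the group name `EXAMPLE\Software Group Creators` and the names `GroupProvisioning` and `CreateInstallGroup` are hypothetical.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Security
Imports System.Security.Principal
Imports System.Text.RegularExpressions

Public Module GroupProvisioning
    ' Hypothetical AD group whose members may create software groups.
    Private Const CreatorsGroup As String = "EXAMPLE\Software Group Creators"

    ' Allow-list for the user-supplied part of the name, so that none of the
    ' DN metacharacters (, + " \ < > ; = #) can reach the "CN=..." string.
    Private ReadOnly SafeName As New Regex("^[A-Za-z0-9][A-Za-z0-9 ._-]{0,39}$")

    ' caller: the Windows-authenticated principal (Page.User inside a page).
    ' ouPath: LDAP path of the target OU, built as in the original post.
    Public Function CreateInstallGroup(ByVal caller As IPrincipal, _
                                       ByVal softName As String, _
                                       ByVal ouPath As String) As String
        ' 1. Authorise the caller before touching the directory.
        If caller Is Nothing OrElse Not caller.Identity.IsAuthenticated _
           OrElse Not caller.IsInRole(CreatorsGroup) Then
            Throw New SecurityException("Caller may not create groups.")
        End If

        ' 2. Validate the text box value before it becomes part of a DN.
        If softName Is Nothing OrElse Not SafeName.IsMatch(softName.Trim()) Then
            Throw New ArgumentException("Invalid software name.", "softName")
        End If
        Dim groupName As String = "HH SWES GG " & softName.Trim()

        ' 3. Bind with no explicit user name or password. With impersonation
        '    off, the bind uses the worker process identity (the assumed
        '    service account), so no secret appears in code or web.config.
        Using ou As New DirectoryEntry(ouPath, Nothing, Nothing, _
                                       AuthenticationTypes.Secure)
            Using group As DirectoryEntry = ou.Children.Add("CN=" & groupName, "group")
                group.Properties("sAMAccountName").Value = groupName
                group.CommitChanges()
                Return group.Path
            End Using
        End Using
    End Function
End Module
```

From the button handler this would be called as `CreateInstallGroup(Page.User, Me.txtInput.Text, ouPath)`, with the two exceptions mapped to an access-denied and a validation message respectively.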