Works on Server... not on Client

From: Rob Edwards (RobEdwards@Elliptus.com)
Date: 04/10/03


From: "Rob Edwards" <RobEdwards@Elliptus.com>
Date: Thu, 10 Apr 2003 10:58:26 -0400


I have created an ASP.net application in Visual Studio (2003 Beta) that
creates mailboxes in an Exchange 5.5 and AD environment. The page runs
great on both my development box as well as the server itself.

Initially, the page loads without incident on another workstation. I enter
the appropriate information and validate the AD account. When I try to
create the mailbox I receive a challenge from the web server to log on:

Connecting to webserver.subdomain.domain.net
Username:
Password:

At this point it doesn't matter what user account I enter; the logon dialog
box appears for its normal 3 times, then I receive the error below:

General access denied error
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: General access denied
error

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.

Source Error:

Line 299: objNewUser.Put("Replication-Sensitivity", 20)
Line 300: objNewUser.Put("MDB-Use-Defaults", True)
Line 301: sid.SetAs(5, "WinNT://DOMAIN/" & txtNTAccount.Text & ",user")
Line 302: sidHex = sid.GetAs(ADS_SID_HEXSTRING)
Line 303: objNewUser.Put("Assoc-NT-Account", sidHex)

This (at least to me) is obviously a security-related issue since it works
fine when run on the server itself. I have Identity Impersonate="true" in
the web.config file. The ASPNET account has the ability to log on locally
and act as part of the OS. The only authentication type is Windows
Integrated.

Any help or insight would be greatly appreciated.

Thanks,
Rob


