Re: Security Problem With Active Directory

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/03/04


Date: Sat, 3 Jul 2004 11:40:10 -0500

It is a security context problem. ASP.NET typically runs as a local machine
account instead of a domain account, and ADSI/S.DS needs the domain security
context to infer a domain controller when you use serverless binding.

You should either specify a specific domain controller DNS name, specify the
DNS name of the domain you want to use, or change your underlying security
model in ASP.NET to use a domain account. For the first two options, your
binding string would change to:
LDAP://mydc.mydomain.com/rootdse
LDAP://mydomain.com/rootdse

More details here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

Joe K.

"Hriday" <hriday_rai@yahoo.com> wrote in message
news:%23JKcFkMYEHA.3420@TK2MSFTNGP12.phx.gbl...
> Hi there,
>
> I want to get root path for my Active directory. My Active Directory
> Machine and Web server are on different physical machine in the same domain.
> When I execute below code from my Web server machine in a web Application, I
> get error that The specified domain either does not exist or could not be
> contacted.
>
> Dim RootDSE As New DirectoryServices.DirectoryEntry("LDAP://RootDSE")
> MsgBox(RootDSE.Properties("DefaultNamingContext").Value)
>
>
> But the same code gives my root path of AD as
> DC=AD,DC=MyComp,DC=Com when I execute it from a Windows
> Application. Why is it so...?
>
> same code gives right result from Windows App, but gives
> above error from my Web Application...is this because of
> there is some (security)problem of my IIS ? otherwise what is
> different in accessing AD through Windows App and Web App..
>
> How can I get or set my IIS root path to my Active
> directory?
>
> any help highly appreciated.
>
> Thanking you..
> Hriday.
>
>
> ___
> Newsgroups brought to you courtesy of www.dotnetjohn.com
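
The server-bound RootDSE lookup suggested in the reply, as an added VB.NET example that is not part of the original posts. The module and function names are hypothetical, and mydomain.com is the placeholder domain name from the reply; on a failed bind it reports the account the code ran as, so a local machine account shows up in the error.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal

' Hypothetical helper module (added example, not the posters' code).
Public Module RootDseLookup

    ' Builds a server-bound RootDSE path, e.g. LDAP://mydomain.com/RootDSE.
    ' An empty host gives the serverless form, which only works when the
    ' calling code has a domain security context.
    Public Function BuildRootDsePath(ByVal host As String) As String
        If host Is Nothing OrElse host.Trim().Length = 0 Then
            Return "LDAP://RootDSE"
        End If
        Return "LDAP://" & host.Trim() & "/RootDSE"
    End Function

    ' Returns defaultNamingContext from the given DC or domain DNS name.
    Public Function GetDefaultNamingContext(ByVal host As String) As String
        Dim path As String = BuildRootDsePath(host)
        Dim rootDse As New DirectoryEntry(path)
        Try
            Return CStr(rootDse.Properties("defaultNamingContext").Value)
        Catch ex As COMException
            ' Report which account the bind ran as: a local machine account
            ' here is the condition described in the reply.
            Dim who As String = WindowsIdentity.GetCurrent().Name
            Throw New ApplicationException( _
                "Bind to " & path & " failed while running as " & who, ex)
        Finally
            rootDse.Dispose()
        End Try
    End Function

    Public Sub Main()
        ' mydomain.com is the placeholder domain name used in the reply.
        Console.WriteLine(GetDefaultNamingContext("mydomain.com"))
    End Sub

End Module
```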


