Re: DirectoryEntry call to remote IIS Metabase ALWAYS connects as ASPNET

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/02/05


Date: Tue, 2 Aug 2005 08:36:59 -0500

The UserName and Password properties on the DirectoryEntry are not supported
for the IIS provider. You have to impersonate the user you want to use.

It says this somewhere in the documentation for the IIS provider, but it
isn't easy to find.

Joe K.

"Eric Templin" <etemplin@primepay.com> wrote in message
news:e096d708-05d9-4ed5-8e71-965bcecd0c45@msnews.microsoft.com...
>I have been developing a web-based application that will manage our FTP
>servers by creating users, folders, setting NTFS security and creating
>virtual directories. I have been developing these pages in ASP.NET using
>DirectoryServices, and up until this point, I have had no problems. I have
>been able to create local user accounts, folders and set their security on
>the remote servers but I have not been able to create virtual directories.
>
> Here is my code...
>
> Dim FTPServices As DirectoryEntry
> Dim FTPSites As DirectoryEntries
> Dim FTPSite As DirectoryEntry
>
> FTPServices = New DirectoryEntry("IIS://SERVER/MSFTPSVC")
> 'FTPServices.UserName = "Domain\UserName"
> 'FTPServices.Password = "Password"
> FTPSites = FTPServices.Children
> For Each FTPSite In FTPSites
>     Response.Write(FTPSite.Properties("ServerComment").Value)
> Next
>
> Every time I execute this code against any IIS server other than what is
> running on my own machine, I get an Access Denied error for any property I
> attempt to access or change/add.
>
> I have researched this for days, and every answer I find is security
> related. I have tried all of the following:
> 1. Configure IIS to run the website under admin credentials
> 2. Configure the machine.config to impersonate with admin credentials
> 3. Configure the web.config to impersonate with admin credentials
> 4. Use code level impersonation with admin credentials
>
> All fail with Access Denied against both W2K/IIS5 and W2K3/IIS6 servers.
> The security logs on all of these services show failures by the ASPNET
> account on my machine attempting to access the box.
>
> My questions are these...
>
> 1. Why can I use DirectoryServices to create and manage local user
> accounts on a remote server, as well as NTFS folders and their security,
> but NOT manage IIS on the remote server?
> 2. Why is my code NOT impersonating as shown by the security logs on the
> remote servers?
>
> ANY help would be appreciated.
>
> Before you respond, know that I have used accounts that DO have admin
> rights not only on those servers, but also elsewhere in the domain. I have
> no intent on using these extremely powerful accounts for the production
> version of my code, but just for determining the cause of this problem.
> Also, if there is another way besides DirectoryServices, I would be
> willing to entertain approaching this from another angle.

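The code-level impersonation the reply calls for, as an added example in VB.NET that is not from the original thread: it logs on with LogonUser, impersonates on the current thread, and only then opens the IIS:// path, leaving the DirectoryEntry UserName and Password properties unset. The module and method names, the interactive logon type, and the IIsFtpServer filter are assumptions of this example; credentials are supplied by the caller rather than embedded in source.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Public Module IisMetabaseReader
    ' Win32 logon constants (winbase.h).
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal user As String, ByVal domain As String, _
        ByVal password As String, ByVal logonType As Integer, _
        ByVal logonProvider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Hypothetical helper: lists FTP site comments on a remote server
    ' while the calling thread impersonates the given account.
    Public Sub ListFtpSites(ByVal server As String, ByVal domain As String, _
                            ByVal user As String, ByVal password As String)
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, token) Then
            Throw New System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error())
        End If

        Dim ctx As WindowsImpersonationContext = Nothing
        Try
            ctx = WindowsIdentity.Impersonate(token)
            ' Check: the thread identity should now be the supplied account, not ASPNET.
            Console.WriteLine("Running as " & WindowsIdentity.GetCurrent().Name)

            ' No UserName/Password on the entry: the IIS provider ignores them.
            Dim ftpService As New DirectoryEntry("IIS://" & server & "/MSFTPSVC")
            For Each child As DirectoryEntry In ftpService.Children
                ' MSFTPSVC also holds non-site children (e.g. Info); skip them.
                If child.SchemaClassName = "IIsFtpServer" Then
                    Console.WriteLine(child.Properties("ServerComment").Value)
                End If
            Next
        Finally
            If Not ctx Is Nothing Then ctx.Undo() ' revert to the process identity
            If token <> IntPtr.Zero Then CloseHandle(token)
        End Try
    End Sub
End Module
```

On Windows 2000 the process calling LogonUser needs the SE_TCB_NAME privilege, which the default ASPNET account does not hold, so the call can fail there before any impersonation takes place.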

