Re: Calling NetUserGetInfo from ASP.NET app

From: "Michael D'Angelo" <nospamnmdange@xxxxxxxxxxxxxxx>
Date: Wed, 24 May 2006 16:47:51 -0400

Nevermind, I fixed it by calling the ImpersonateSelf native api, and passing
SECURITY_IMPERSONATION_LEVEL.SecurityDelegation.
http://msdn.microsoft.com/library/en-us/secauthz/security/impersonateself.asp

"Michael D'Angelo" <nospamnmdange@xxxxxxxxxxxxxxx> wrote in message
news:uE6bi32fGHA.324@xxxxxxxxxxxxxxxxxxxxxxx

I also get Access is Denied if I use System.DirectoryServices using WinNT,
or Operations Error using LDAP.

"Michael D'Angelo" <nospamnmdange@xxxxxxxxxxxxxxx> wrote in message
news:%23Hwzuz2fGHA.4464@xxxxxxxxxxxxxxxxxxxxxxx

I have an ASP.NET 2.0 app with windows authentication and impersonation
enabled. The application pool is running as local system.

I'm trying to call NetUserGetInfo to retrieve the full name of a user
account. The code works when run from a console application. When I
execute it from the ASP.NET page, I can see in the event log on the
domain controller the following failure audit:
Object Open:

Object Server: Security Account Manager

Object Type: SAM_SERVER

Object Name: CN=Server,CN=System,DC=domain,DC=com

Handle ID: -

Operation ID: {0,706132358}

Process ID: 544

Process Name: C:\WINDOWS\system32\lsass.exe

Primary User Name: DC$

Primary Domain: DOMAIN

Primary Logon ID: (0x0,0x3E7)

Client User Name: ANONYMOUS LOGON

Client Domain: NT AUTHORITY

Client Logon ID: (0x0,0x2A16B979)

Accesses: MAX_ALLOWED

Privileges: -

Properties:

---

samServer

Access Mask: 0

So it appears as though delegation is not working...however I've gone
into the properties on teh server, and in the delegation tab, I've added
every service listed on the domain controller, using any authentication
protocol. Despite this it's still failing. Any ideas?

References:
- Calling NetUserGetInfo from ASP.NET app
  - From: Michael D'Angelo
- Re: Calling NetUserGetInfo from ASP.NET app
  - From: Michael D'Angelo

Prev by Date: Re: Calling NetUserGetInfo from ASP.NET app
Next by Date: Re: Calling NetUserGetInfo from ASP.NET app
Previous by thread: Re: Calling NetUserGetInfo from ASP.NET app
Next by thread: Re: Calling NetUserGetInfo from ASP.NET app
Index(es):
- Date
- Thread

Relevant Pages

Re: Calling NetUserGetInfo from ASP.NET app
... or Operations Error using LDAP. ... Client User Name: ANONYMOUS LOGON ... the properties on teh server, and in the delegation tab, I've added every ...
(microsoft.public.dotnet.framework.aspnet.security)
Calling NetUserGetInfo from ASP.NET app
... I have an ASP.NET 2.0 app with windows authentication and impersonation ... Client User Name: ANONYMOUS LOGON ... the properties on teh server, and in the delegation tab, I've added every ...
(microsoft.public.dotnet.framework.aspnet.security)
RE: Event ID 529 on cleint workstation
... Security Event ID 529 is a failure audit for logon/logoff. ... "logon events" generate the events on domain controllers for domain account ... The Event 529 was caused by the machine account password not being ... I suggest that you re-join the client to ...
(microsoft.public.windows.server.sbs)
Re: Event ID 529 on cleint workstation
... "logon events" generate the events on domain controllers for domain account ... The Event 529 was caused by the machine account password not being ... I suggest that you re-join the client to ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
Re: NT4 -> Win2K3 question
... "not allow me logon to domain." ... I suspect you still unable to join the ... client into domain, right? ... Get Secure! ...
(microsoft.public.windows.server.migration)