AzMan non-admin problem under Win XP

---

• From: Vovan.Net
• Date: Tue, 10 Oct 2006 11:11:05 -0700

---

Hello All,

I have a problem with AzMan under Windows XP.
On my web site I use AzMan/AD role management. Store installed on Win 2003 SP1 server, but site works under WinXP SP2.

For IIS identity domain account with non-admin?s privileges is used.

In this case the error occurs: "The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))" when page is loaded or after role checking (Roles.IsUserInRole(User.Identity.Name, "Administrator")). But if I add domain account to local Administrators group - everything works correctly.

We face this problem only if site runs under Win XP. If site runs under Win 2003 ? it is ok.

It is forbidden to run the site under administrator. How could this problem be resolved? Do you have an insight on this?

I used microsoft sample from :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000018.asp?_r=1

with following web.config:

connectionStrings>
add name="AzManADAMServer" connectionString="msldap://server:50000/CN=AzManADAMStore,OU=SecNetPartition,O=SecNet,C=US"; />
/connectionStrings>

identity impersonate="true" userName="corp\test" password="xxxxxxx"/>
authentication mode="Windows"/>
authorization>
deny users="?"/>
/authorization>

roleManager
enabled="true"
cacheRolesInCookie="false"
defaultProvider="RoleManagerAzManADAMProvider"
cookieName=".ASPXROLES"
cookiePath="/"
cookieTimeout="1"
cookieRequireSSL="false"
cookieSlidingExpiration="false"
createPersistentCookie="false"
cookieProtection="None">
providers>
add name="RoleManagerAzManADAMProvider"
type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a"
connectionStringName="AzManADAMServer"
applicationName="iHomeOwner"
/>
/providers>
/roleManager>
.

---

• Follow-Ups:
  • Re: AzMan non-admin problem under Win XP
    • From: Dominick Baier

• Prev by Date: Re: Can't get Impersonation / delegation to work
• Next by Date: Re: Can't get Impersonation / delegation to work
• Previous by thread: Re: Can't get Impersonation / delegation to work
• Next by thread: Re: AzMan non-admin problem under Win XP
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 265,000 new zombie PCs a day! ... there are so many holes in OS X that will let an attacker ... Windows never was designed to be a network, ... Apple hasn't fixed the "entire problem" on OS X. ... in privileges. ... (comp.sys.mac.advocacy) Re: 265,000 new zombie PCs a day! ... there are so many holes in OS X that will let an attacker take ... Windows never was designed to be a network, ... Apple hasn't fixed the "entire problem" on OS X. ... in privileges. ... (comp.sys.mac.advocacy) Re: Five Architectural Flaws in Windows Solved In Mac OS X ... It is possible to construct a service that interacts with the user and is highly privileged in Windows. ... Since Windows uses a Secure Attention Key, it is not possible to leech passwords with a fake password dialog. ... In a lot of the cases where OS X prompts for a password, it isn't because it's necessary to escalate privileges, because actual root privileges are needed. ... (comp.sys.mac.advocacy) Re: Is Windows inherently more vulnerable to malware attacks than OS X? ... in privileges. ... code on Windows; ... My right to track down malware on ... users need to be able to access their own files, install ... (comp.sys.mac.advocacy) Is Windows inherently more vulnerable to malware attacks than OS X? ... It took an attack on a Windows production server, ... Windows services that run with SYSTEM privileges. ... · By default, Windows launches all services with SYSTEM-level ... (comp.sys.mac.advocacy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-10