Re: AzMan non-admin problem under Win XP

Addition info : following code pass successufully with admins rights, but
with user's rights it causes error "Value does not fall within the expected
range"

String azManConnectionString =
"msldap://server:50000/CN=AzManADAMStore,OU=SecNetPartition,O=SecNet,C=US";;
String azManApplicationName = "test";

AzAuthorizationStore _azStore = new AzAuthorizationStoreClass();
_azStore.Initialize(0, azManConnectionString, null);


"Vladimir" wrote:

Yes. User is in "Administrator", "Reader", "Delegated User" roles

"Dominick Baier" wrote:

does this uses have read access to the application partition - also in the
AzMan GUI - is the user in the "reader" role (somewhere in the properties)?

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Hello All,

I have a problem with AzMan under Windows XP.
On my web site I use AzMan/AD role management. Store installed on Win
2003 SP1 server, but site works under WinXP SP2.
For IIS identity domain account with non-admin’s privileges is used.

In this case the error occurs: "The parameter is incorrect. (Exception
from HRESULT: 0x80070057 (E_INVALIDARG))" when page is loaded or after
role checking (Roles.IsUserInRole(User.Identity.Name,
"Administrator")). But if I add domain account to local Administrators
group - everything works correctly.

We face this problem only if site runs under Win XP. If site runs
under Win 2003 – it is ok.

It is forbidden to run the site under administrator. How could this
problem be resolved? Do you have an insight on this?

I used microsoft sample from :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpa
g2/html/PAGHT000018.asp?_r=1
with following web.config:

add name="AzManADAMServer"
connectionString="msldap://server:50000/CN=AzManADAMStore,OU=SecNetPar
tition,O=SecNet,C=US" />
/connectionStrings>
identity impersonate="true" userName="corp\test" password="xxxxxxx"/>
authentication mode="Windows"/>
deny users="?"/>
/authorization>
roleManager
enabled="true"
cacheRolesInCookie="false"
defaultProvider="RoleManagerAzManADAMProvider"
cookieName=".ASPXROLES"
cookiePath="/"
cookieTimeout="1"
cookieRequireSSL="false"
cookieSlidingExpiration="false"
createPersistentCookie="false"
cookieProtection="None">
add name="RoleManagerAzManADAMProvider"
type="System.Web.Security.AuthorizationStoreRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
publicKeyToken=b03f5f7f11d50a3a"
connectionStringName="AzManADAMServer"
applicationName="iHomeOwner"
/>
/providers>
/roleManager>



.