Re: WindowsImpersonationContext and DirectoryServices



Your DirectoryEntry is outside of the "using" block, so your impersonation
is being undone before you even call anything. That is why this isn't
working. :)

Note that with the DirectoryEntry, you don't need impersonation like you do
with a lot of other remote security operations. DirectoryEntry is
LDAP-based (assuming you are using the LDAP provider, which you should be
100% for AD) and LDAP natively supports supplying credentials directly.

Thus, instead of bothering to call LogonUser, getting a token and
impersonating, you could just pass those credentials directly to the
DirectoryEntry object (using the AuthenticationTypes.Secure parameter as
well!) and it will just work.

HTH,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<danycloutier@xxxxxxxxx> wrote in message
news:1163692474.436107.228280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi everybody,

I'm developing an application where I have to read information in the
Active Directory (Windows 2000). I have to impersonate my calls with
specific users to have access to different parts of the AD.

I impersonate the user with the code below (I get the token via the
function LogonUser in ADVAPI32.DLL).

    WindowsImpersonationContext wic;
    if (token != IntPtr.Zero)
    {
        WindowsIdentity wi;
        using (wi = new WindowsIdentity(token))
        {
            wic = wi.Impersonate();
        }
    }
    dirEntry = new DirectoryEntry(myConnString);


But after it, I'm unable to read in the AD. I think the DirectoryEntry
constructor is called with the credentials of my web server (the user
USR_... on local computer) and the connection is refused. Is there any
solution to impersonate the call to the AD without specifying the
credentials in the DirectoryEntry constructor?

Thank you

Dany
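
Both approaches from the reply, sketched in C# as an added example (not code from either poster): passing credentials straight to DirectoryEntry with AuthenticationTypes.Secure, and the impersonation variant with the directory calls moved inside the impersonation scope. The class and method names and the distinguishedName read are illustrative assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class AdReader // hypothetical helper, not from the thread
{
    // Option 1 (what the reply recommends): no LogonUser, no impersonation.
    // The LDAP provider binds with the supplied credentials. Secure asks for
    // a negotiated (Kerberos/NTLM) bind instead of a simple bind that would
    // send the password in the clear.
    public static string ReadWithExplicitCredentials(
        string ldapPath, string user, string password)
    {
        using (var entry = new DirectoryEntry(
            ldapPath, user, password, AuthenticationTypes.Secure))
        {
            // DirectoryEntry binds lazily; RefreshCache forces the bind here.
            entry.RefreshCache(new[] { "distinguishedName" });
            return (string)entry.Properties["distinguishedName"].Value;
        }
    }

    // Option 2: keep impersonation, but do all directory work while it is
    // still active. The caller still owns the LogonUser token and closes it.
    public static string ReadWhileImpersonating(string ldapPath, IntPtr token)
    {
        if (token == IntPtr.Zero)
            throw new ArgumentException("LogonUser returned no token", "token");

        using (var identity = new WindowsIdentity(token))
        using (WindowsImpersonationContext ctx = identity.Impersonate())
        using (var entry = new DirectoryEntry(ldapPath))
        {
            // The bind and the read both happen inside the impersonation
            // scope, not merely the constructor call.
            entry.RefreshCache(new[] { "distinguishedName" });
            return (string)entry.Properties["distinguishedName"].Value;
        } // disposing ctx reverts the thread to the process identity
    }
}
```

With option 1, keep the account's password out of source code and load it from protected configuration.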


