Re: AD Login failure when using ActiveDirectoryMembershipProvider

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Feb 2007 19:05:21 -0600

The AD membership provider disables impersonation when it does its DS
access, so that might explain the problem. If you are using XP and want
default credentials, you need to change the credentials in your processModel
in machine.config to a domain account for testing purposes.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:995F2D5A-5CCE-48E7-9A24-C564DD8F1D2C@xxxxxxxxxxxxxxxx

I'm afraid I don't understand your comments.

You're right that the default process identity is the local machine ASPNET
account. However, as I stated, I changed the anonymous user to a domain
account and enabled impersonation, so the process credentials are now my
domain credentials.

Why is this not realistic? It's the same way I would configure the Windows
2003 server (i.e. change the anonymous account to a domain account and
enable
impersonation).

References:
- Re: AD Login failure when using ActiveDirectoryMembershipProvider
  - From: Dominick Baier

Prev by Date: Re: WindowsTokenRoleProvider & Domain Groups
Next by Date: Re: WindowsTokenRoleProvider & Domain Groups
Previous by thread: Re: AD Login failure when using ActiveDirectoryMembershipProvider
Next by thread: Re: AD Login failure when using ActiveDirectoryMembershipProvider
Index(es):
- Date
- Thread

Relevant Pages

Re: SetPassword access denied
... That said, I think one thing worth pointing out is that in both cases here, your code is supplying credentials to the DirectoryEntry constructor. ... the identity of the current thread (established either via impersonation or using the process token without impersonation) is NOT the account that is used for performing remote activities in the directory. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: confused about credentials in impersonation
... As in a traditional ASP.Net application the logged in user making the ... If impersonation is not turned on then the user credentials that will be ... > account or server's accounts or server's administration account or domain ...
(microsoft.public.sharepoint.portalserver.development)
Re: ASP.NET and integrated Authentication
... credentials when using impersonation unless you enable kerberos ... The credentials make one hop from the browser to a remote ... application uinder a domain account instead of the local ASPNET ...
(microsoft.public.dotnet.framework.aspnet)
Re: Windows authentication for web service client??
... I have a web service that make a webDav request to Exchange. ... I have impersonation on but when I use the defaultCredentials in the web ... credentials have rights to make this request and I'm at my wits end trying ... >>> The ASPNET account is a local account, so the other machine or domain ...
(microsoft.public.dotnet.framework.aspnet.webservices)
Re: AD Login failure when using ActiveDirectoryMembershipProvider
... you would configure the app pool to run as a domain account and use no impersonation. ... a domain account and enabled impersonation, so the process credentials ...
(microsoft.public.dotnet.framework.aspnet.security)