nightmare with ADAM ldap and roleprovider
steven_at_sbcanada.com
Date: 09/16/05
Date: 15 Sep 2005 15:00:13 -0700
What a nightmare! I've spent 5 days trying to get AzMan and the .NET
2.0 Active Directory (for ADAM) membership provider to speak to one
another. Ideally ADAM will be the user/group repository and AzMan
will, through LDAP Query Groups, allow for fine-grained access
control, all via .NET 2.0, using Membership provider classes and
controls.
Here's the problem:
I have gotten AzMan running in ADAM (residing at
CN=AzMan,DC=TestApp,DC=com).
Then I instructed ActiveDirectoryMembershipProvider to use
a container one level deeper than the AzMan store (just for
prototyping purposes): CN=UserStore,CN=AzMan,DC=TestApp,DC=com
(UserStore is just a simple container). [Note: I've tried many partitions
and configurations and nothing seems to help!]
The ASP.NET 2.0 membership provider can create users in this partition
with no problem, but it won't let me create roles (it throws an
exception from HRESULT: 0x8007006E).
Anyway, the bigger problem I am having is that I want my
ActiveDirectoryMembershipProvider based code (snippet below) to
construct a clientContext using the SID of the authenticated ADAM user.
Everything seems to work until the point where a clientContext has to
be created, and suddenly I'm getting:
'clientContext.UserCanonical' threw an exception of type
'System.Runtime.InteropServices.COMException'
{System.Runtime.InteropServices.COMException}
"The request is not supported. (Exception from HRESULT: 0x80070032)"
System.SystemException {System.Runtime.InteropServices.COMException}
Seems like the ClientContext is improperly constructed. Without a
valid ClientContext the code cannot do any auth checks. I'm betting
this has to do with the fact that the RoleProvider is unable to create
roles.
Here's the code; I hope someone can tell me where I'm going wrong...
****
// Namespaces needed at the top of the code-behind file
using System;
using System.Configuration;
using System.Security.Principal;
using System.Web.Security;
using AZROLESLib; // COM interop for azroles.dll (AzMan)

protected void Page_Load(object sender, EventArgs e)
{
    // Current user, authenticated through ActiveDirectoryMembershipProvider (ADAM)
    MembershipUser user = Membership.GetUser();
    SecurityIdentifier sidValue = (SecurityIdentifier)user.ProviderUserKey;
    string sid = sidValue.ToString();

    // Open the AzMan store held in ADAM, then the application inside it
    AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
    AzManStore.Initialize(0,
        ConfigurationManager.ConnectionStrings["AzManServer"].ConnectionString,
        null);
    IAzApplication azApp = AzManStore.OpenApplication("TestApplicationStore", null);

    // Until now, other than the inability to call Roles.CreateRole("TestRole"),
    // there are no problems. Here comes the problem (symptom?):
    IAzClientContext clientContext = azApp.InitializeClientContextFromStringSid(
        sid, (int)tagAZ_PROP_CONSTANTS.AZ_CLIENT_CONTEXT_SKIP_GROUP, null);

    // Now if I try to do:
    Response.Write(clientContext.UserDisplay);
    // At this point the ClientContext is not null but is quite useless.
    // ...
}
Any ideas? Is it a bug in my code or a config error? A bug in the beta?
The fact that I'm not connected via SSL? A permissions issue of some
sort?