ACCESS_DENIED using Authorization Manager with an Active Directory forest

From: Mart?n Zavala (tinchoz_at_gmail.com)
Date: 01/27/05

• Next message: sherry: "InitializeSecurityContext() returns SEC_E_INVALID_TOKEN on first c"
• Previous message: Michel Gallant: "Re: CryptoAPI migration from WinNT to Win2003 server"
• Next in thread: Dave: "RE: ACCESS_DENIED using Authorization Manager with an Active Directory"
• Reply: Dave: "RE: ACCESS_DENIED using Authorization Manager with an Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 27 Jan 2005 12:55:25 -0800

Hello everyone!
I'm developing a web application (using C# 2003, .NET 1.1) that runs
on a Windows 2003 Server integrated with ActiveDirectory. The
ActiveDirectory has one root domain and several subdomains. The forest
has Windows 2003 functional level.
The web application uses Windows authentication and is bound to
Authorization Manager in order to get the current logged user's
permissions.
The thing is, when I open the web application with an user that
belongs to the root domain, everything works like a wonder, I get
authenticated and then authorized correctly. But when I log in as any
user from any of the subdomains, I get authenticated but every call to
AccessCheck returns with ACCESS_DENIED, no matter what user I use or
which permissions I assign. I initialize the client context from the
token of the currently logged on user.

I would appreciate any help, 'cause I haven't been able to gather
enough information from the newsgroups regarding this matter.

Thanx in advance,

Martín.-

---

• Next message: sherry: "InitializeSecurityContext() returns SEC_E_INVALID_TOKEN on first c"
• Previous message: Michel Gallant: "Re: CryptoAPI migration from WinNT to Win2003 server"
• Next in thread: Dave: "RE: ACCESS_DENIED using Authorization Manager with an Active Directory"
• Reply: Dave: "RE: ACCESS_DENIED using Authorization Manager with an Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Strange Replication Issue ... i have a windows 2003 Domain with about 60 Subdomains. ... Some time ago 2 sudomains were deleted. ... replicated back to the root domain. ... (microsoft.public.windows.server.active_directory) Re: Authenticate agains several Active Directory Domains ... > ad.sys and within this root domain there are the following subdomains: ... > admin user and check their password agains the windows domain. ... > Is this procedure valid? ... > But when I try to access de.Children I get an error saying ... (microsoft.public.dotnet.languages.csharp) Re: Demoted domain still visible ... > When I open ADUC in rool.local, ... > 5719 error for demoted domain in root domain controllers. ... Remote domain was Windows ... I guess when demoting the last dc from that domain you did not select ... (microsoft.public.win2000.active_directory) Authenticate agains several Active Directory Domains ... Active Directory running on Windows 2000. ... ad.sys and within this root domain there are the following subdomains: ... But when I try to access de.Children I get an error saying ... (microsoft.public.dotnet.languages.csharp) Re: Changing Global Group to Domain Local Group. ... > to Windows 2003 I want to change my Cert Publishers group from a Global ... > Authority structure with the Issuing Certificate Authority in the Root ... All users and computer objects are in the child domain. ... > unless I can put the CA computer object that is in the root domain in the ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2005-01