Reputation: 24699
I just joined a company to support a web app that no one knows anything about. Everyone who might have once known is gone.
The app is using a dll (I only have the binary) which is used to get a string list of Active Directory groups that the user belongs to. The code works in production and when I run interactively in the VS2005 IDE, but does not work when I run it locally in IIS.
The code is this. It blows up on line 127:
Line 127: userGroups = new FW.DirectoryHelper(username).getGroups();
Line 128: List<string> roles = new List<string>();
Line 129: List<string> groups = new List<string>();
With this error:
Error getting group information. The specified domain either does not exist or could not be contacted.
This looks like some sort of an issue with the ASPNET account not having access to Active Directory, but why is it working interactively but not under IIS? Is this because when I run interactively I am running under my own credentials instead of the ASPNET account? Why would it run on other (e.g., UAT) IIS servers including Production and not local?
Is there some local IIS configuration or folder security configuration that I need to make to get it to work locally?
The binary is surely used elsewhere within my company; I think it is a shared IT utility that no one will support, or trying to find someone who will, will prove difficult.
My local IIS was configured with Windows Authentication turned on and Anonymous off. I also tried Windows Auth on and Anonymous...
Upvotes: 1
Views: 1787
Reputation: 26177
The code is using the Windows login credentials for LDAP, whichever PC is running the program. Try setting IIS to anonymous access and give it an account (a dummy one perhaps) that has LDAP reading rights. And in your web.config file, you're going to want to set this anonymous account like so:
<system.web>
<!-- userName and password only take effect when impersonate="true" -->
<identity impersonate="true" userName="DOMAIN\username" password="myPW"/>
</system.web>
Upvotes: 1
Reputation: 9712
Your issue is very similar to a question I answered recently; they too were using IIS 5.1.
In my answer I provide a couple of possible solutions; what you will probably want to do is use ASP.NET impersonation.
Upvotes: 1
Reputation: 7297
A quick fix is to set the identity of your local IIS to use your login credentials instead of the default system account.
Upvotes: 0
Reputation: 520
Is this IIS6 or 7?
If IIS6, make sure the application pool's Identity is set to that of a domain account.
If IIS7, make sure under Basic Settings it is set to that of a domain account.
Hope this is helpful.
Upvotes: 0
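All of the answers above turn on which account the code runs as under each host. The following diagnostic is an added example, not part of the original posts or of the FW.DirectoryHelper binary; it reports the identities in play and whether the current one can locate a domain. The class name IdentityProbe is hypothetical, and the code assumes a reference to System.DirectoryServices and C# 2.0 (VS2005).

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;
using System.Text;
using System.Web;

// Hypothetical helper (not from the original thread). Its output names internal
// accounts, so use it on a development box and remove it afterwards.
public static class IdentityProbe
{
    public static string Describe()
    {
        StringBuilder sb = new StringBuilder();

        // Account the current thread runs as. A serverless AD lookup uses this
        // account; a local one (e.g. MACHINE\ASPNET) has no domain credentials.
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        sb.AppendLine("Thread identity:     " + current.Name);
        sb.AppendLine("Impersonation level: " + current.ImpersonationLevel);
        sb.AppendLine("Machine:             " + Environment.MachineName);

        // User authenticated by IIS. This only becomes the thread identity
        // when ASP.NET impersonation is enabled in web.config.
        HttpContext ctx = HttpContext.Current;
        string requestUser = "(no HTTP context)";
        if (ctx != null && ctx.User != null)
        {
            requestUser = ctx.User.Identity.IsAuthenticated
                ? ctx.User.Identity.Name
                : "(anonymous)";
        }
        sb.AppendLine("Request user:        " + requestUser);

        // Same kind of lookup that fails in the question: resolve the domain
        // using whatever credentials the thread identity carries.
        try
        {
            using (Domain domain = Domain.GetCurrentDomain())
            {
                sb.AppendLine("Domain lookup:       OK (" + domain.Name + ")");
            }
        }
        catch (Exception ex) // diagnostic only: report whatever the lookup raised
        {
            sb.AppendLine("Domain lookup:       FAILED (" + ex.GetType().Name + ": " + ex.Message + ")");
        }
        return sb.ToString();
    }
}
```

Write the result of IdentityProbe.Describe() to a test page under both the VS2005 development server and local IIS, and compare the "Thread identity" line between the two runs.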