This is way off topic, but I need a sanity check and the only other place to turn is the wall left of me.
Background: Writing lots of tools in ASP.Net 2.0 on a R2 Enterprise Server. For my website I turn off Anonymous Access and enable Windows Authentication. After that I ACL the website directory with the appropriate administrator group that uses these tools.
Issue: I keep getting access denied when I go to execute any directory query. IIS has the user credential; unlike classic ASP, you now need to either enable impersonation in your web.config or manually change thread context when needed. I've verified that it's getting the correct Windows Principal, but it only executes correctly if I hardcode that ID into my web.config. Funny thing is that the bind is done as Network Service (my app pool ID). Something is fishy here... Here is a tidbit of code that fails, and my web.config.
BTW, anyone know a good IIS forum that has the same level of masterminds that ActiveDir has?
-Brandon
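Code-behind snippet:

    // Requires: using System; using System.DirectoryServices;
    try
    {
        // Bind to the target OU; no explicit credentials are passed here
        DirectoryEntry objOU = new DirectoryEntry("LDAP://" + m_strOU);
        // Create the computer object under that OU
        DirectoryEntry objComputer = objOU.Children.Add(String.Concat("CN=", m_strComputerName), "computer");
        objComputer.Properties["samAccountName"].Add(String.Concat(m_strComputerName, "$"));
        objComputer.CommitChanges();
        objComputer.Close();
        objComputer.Dispose();
    }
    catch (Exception)
    {
        throw; // surface the access-denied failure to the caller
    }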
Web.config:

    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
      <system.web>
        <authentication mode="Windows"/>
        <identity impersonate="true"/>
        <customErrors mode="Off"/>
        <compilation defaultLanguage="c#" debug="true" urlLinePragmas="true">
        </compilation>
      </system.web>
    </configuration>
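
A diagnostic for the identity question raised above, added here as an example and not part of the original post: it reports the authenticated caller, the token on the request thread, the app pool account, and the impersonation level obtained when the thread context is switched manually. The class and method names (`BindIdentityCheck`, `Describe`) are hypothetical; it assumes it is called from a page in the same application, for example `Response.Write(BindIdentityCheck.Describe(Context))`.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

// Hypothetical helper (not from the original post): shows which Windows
// identity outbound calls such as an LDAP bind would run under.
public static class BindIdentityCheck
{
    public static string Describe(HttpContext ctx)
    {
        StringBuilder sb = new StringBuilder();

        // Identity IIS authenticated for this request (the Windows principal).
        WindowsIdentity caller = ctx.User.Identity as WindowsIdentity;
        sb.AppendLine("Authenticated caller : " + (caller == null ? "(not a Windows identity)" : caller.Name));

        // GetCurrent(true) returns null when the thread carries no impersonation
        // token; outbound calls then run as the process (app pool) account.
        using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
        {
            sb.AppendLine("Thread token         : " + (threadToken == null
                ? "(none, not impersonating)"
                : threadToken.Name + " [" + threadToken.ImpersonationLevel + "]"));
        }

        // Temporarily drop any impersonation to read the process identity.
        using (WindowsImpersonationContext reverted = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Process (app pool)   : " + process.Name);
        }

        if (caller == null) return sb.ToString();

        // Manual change of thread context, as an alternative to <identity impersonate="true"/>.
        WindowsImpersonationContext wic = caller.Impersonate();
        try
        {
            using (WindowsIdentity now = WindowsIdentity.GetCurrent())
            {
                // Impersonation: the token is usable on this machine only.
                // Delegation: the token may be presented to another server.
                sb.AppendLine("After Impersonate()  : " + now.Name + " [" + now.ImpersonationLevel + "]");
            }
        }
        finally
        {
            wic.Undo(); // always restore the original thread context
        }
        return sb.ToString();
    }
}
```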
