This is way off topic, but I need a sanity check and the only other place to turn is the wall left of me.
Background: Writing lots of tools in ASP.Net 2.0 on an R2 Enterprise Server. For my website I turn off Anonymous Access and enable Windows Authentication. After that I ACL the website directory with the appropriate administrator group that uses these tools.
Issue: I keep getting "operational failures" when I go to execute any directory query. IIS has the user credential; unlike classic ASP, you now need to either enable impersonation in your web.config or manually change thread context when needed. I've verified that it's getting the correct Windows Principal, but it only executes correctly if I hardcode that ID into my web.config. Something is fishy here... Here is a tidbit of code that fails, and my web.config.
btw- Anyone know a good IIS forum that has the same level of masterminds that ActiveDir has?
-Brandon
Code behind snippet
try
{
    // Bind to the target OU and create the computer object under it
    DirectoryEntry objOU = new DirectoryEntry("LDAP://" + m_strFullOUDN);
    DirectoryEntry objComputer = objOU.Children.Add(String.Concat("CN=", m_strComputerName), "computer");
    objComputer.Properties["samAccountName"].Add(String.Concat(m_strComputerName, "$"));
    objComputer.CommitChanges();
    objComputer.Close();
    objComputer.Dispose();
}
catch (System.Runtime.InteropServices.COMException ex)
{
    //grabbing lots of stuff to see who I really am
    TextBox1.Text = TextBox1.Text + "Error Message: " + ex.Message.ToString();
    TextBox1.Text = TextBox1.Text + "\n Error Code: " + ex.ErrorCode.ToString();
    TextBox1.Text = TextBox1.Text + "\n \n Stack Dump: " + ex.StackTrace.ToString();
    // Identity of the thread (impersonated token) versus the identity IIS authenticated
    TextBox1.Text = TextBox1.Text + "\n \n User Type : " + System.Security.Principal.WindowsIdentity.GetCurrent().ImpersonationLevel.ToString();
    TextBox1.Text = TextBox1.Text + "\n Current Windows Principal : " + System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    TextBox1.Text = TextBox1.Text + "\n Current HTTP Identity : " + HttpContext.Current.User.Identity.Name.ToString();
    TextBox1.Text = TextBox1.Text + "\n Is Anonymous : " + System.Security.Principal.WindowsIdentity.GetCurrent().IsAnonymous;
    TextBox1.Text = TextBox1.Text + "\n Auth Mech : " + System.Security.Principal.WindowsIdentity.GetCurrent().AuthenticationType;
}
Web.config
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <authentication mode="Windows"/>
        <identity impersonate="true"/>
        <customErrors mode="Off"/>
        <compilation defaultLanguage="c#" debug="true" urlLinePragmas="true">
        </compilation>
    </system.web>
</configuration>
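The "manually change thread context" alternative mentioned in the post, as an added example that is not part of the original message: the caller's token is impersonated only around the directory write and always reverted, with `<identity impersonate="true"/>` left out of web.config. The class and method names are hypothetical, and the sketch shows the scoping pattern only; it makes no claim about the cause of the failure described above.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (not from the original post).
public static class ScopedImpersonation
{
    // Characters that carry meaning inside an LDAP distinguished name.
    private static readonly char[] DnSpecial = { ',', '+', '"', '\\', '<', '>', ';', '=', '#' };

    // Creates the computer object as the authenticated caller and returns
    // "DOMAIN\user (level)" describing the token the directory call ran under.
    public static string CreateComputer(string ouDn, string computerName)
    {
        if (String.IsNullOrEmpty(computerName) || computerName.IndexOfAny(DnSpecial) >= 0)
            throw new ArgumentException("Invalid computer name.", "computerName");

        // Under Windows Authentication the request identity is a WindowsIdentity.
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || caller.IsAnonymous)
            throw new InvalidOperationException("Windows Authentication is required.");

        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            // Record who the thread is now: an Impersonation-level token is
            // usable on the local system, a Delegation-level token on remote ones.
            WindowsIdentity current = WindowsIdentity.GetCurrent();
            string who = current.Name + " (" + current.ImpersonationLevel + ")";

            using (DirectoryEntry ou = new DirectoryEntry("LDAP://" + ouDn))
            using (DirectoryEntry computer = ou.Children.Add("CN=" + computerName, "computer"))
            {
                computer.Properties["sAMAccountName"].Add(computerName + "$");
                computer.CommitChanges();
            }
            return who;
        }
        finally
        {
            // Revert to the worker-process identity even if a COMException is thrown.
            ctx.Undo();
        }
    }
}
```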
