Re: [ADVANCED-DOTNET] System.DirectoryServices - same code -- different behaviour

Wed, 29 Nov 2006 12:24:18 -0800 

Dimitrios:


                              im.ImpersonateUser(User.DOMAIN, AD_ACCOUNT,

AD_ACCOUNT_PASSWORD, true);

In ASP.Net, it will be the IIS user, which perhaps has no privilege to the
AD.

HTH

- Adwait

--
Adwait Ullal

e: mailto:[EMAIL PROTECTED]
w: http://www.adwait.com
l: http://www.linkedin.com/in/adwait
j: http://finance.groups.yahoo.com/group/AdwaitsDotNetJobs


On 11/29/06, Toulakis, Dimitrios (RESC) <[EMAIL PROTECTED]>
wrote:


Hi all,

got a strange behaviour with a piece of code which is creating user
accounts on the active directory.

The code looks like this:

               public bool CreateUser(string userId, string
lookupDomain, ContactEntity contact)
               {
                       string path = string.Format( "{0}://{1}",
PROVIDER_LDAP, lookupDomain);

                       //the impersonate class wraps around the
"advapi32.dll"
                       //to get the impersonisation token
                       Impersonate im = new Impersonate();

                       bool score = true;

                       Hashtable hash = GetUsers(lookupDomain);

                       int counter = 0;
                       string originalId = userId;

                       while(hash.Contains(userId))
                               userId = originalId +
counter.ToString();


                       try
                       {
                               DirectoryEntry de = new
DirectoryEntry(path, AD_ACCOUNT, AD_ACCOUNT_PASSWORD,
AuthenticationTypes.Secure);

                               im.ImpersonateUser(User.DOMAIN,
AD_ACCOUNT, AD_ACCOUNT_PASSWORD, true);

                               DirectoryEntry user =
de.Children.Add("CN=" + userId, "user");

                               user.Properties["sAMAccountName"].Value
= userId;

                       user.Properties["userAccountControl"].Value =
ActiveDs.ADS_USER_FLAG.ADS_UF_NORMAL_ACCOUNT
                                       |
ActiveDs.ADS_USER_FLAG.ADS_UF_PASSWD_NOTREQD
                                       |
ActiveDs.ADS_USER_FLAG.ADS_UF_DONT_EXPIRE_PASSWD;

                               user.CommitChanges();
                               user.Invoke("SetPassword", new object[]
{DEFAULT_AD_PASSWORD});

                               hash.Add(userId, userId);

                               UpdateUsers(lookupDomain, hash);
                       }
                       catch(Exception ex)
                       {
                               ex.GetHashCode();
                               score = false;
                       }
                       finally
                       {
                               im.UndoImpersonation();
                       }

                       return score;

               }


Using this piece of code in an Windows Forms application works fine.
But when using it in an ASP.NET application it fails.

The error message is:

Logon failure: unknown user name or bad password

This is strange to me because with the same credentials I am able to get
all the domain user accounts (within the ASP.NET application).

So, I am currently running out of ideas...

Any suggestions?




Met vriendelijke groet / With kind regards,

Dimitrios Toulakis

Postbus 1010
3600 BA Maarssen/Amsterdam
The Netherlands

Tel : +31(0) 346 583300
Fax: +31(0) 346 583399
URL: http://www.resourcesconnection.nl
<http://www.resourcesconnection.nl/>
E-mail disclaimer: http://www.resourcesconnection.nl/e-maildisclaimer
<http://www.resourcesconnection.nl/e-maildisclaimer>

===================================
This list is hosted by DevelopMentor(r)  http://www.develop.com

View archives and manage your subscription(s) at
http://discuss.develop.com



===================================
This list is hosted by DevelopMentorĀ®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

Reply via email to