The way I see it, you have two choices. You can either get your code
running under a domain account so that you don't have to supply credentials
and a server name, or you can supply a server or domain name and supply
credentials.
If you go the former route, you have a lot of options. Essentially, you can
either make the process run under a domain account, or you can impersonate a
domain account so that your current thread will take on that identity.
To change the process account, you can either make the worker process run as
a domain account or move the code into a COM+ component and run that under a
domain identity.
To impersonate a domain account, you generally do this by enabling
impersonation in web.config. If you do that, then you will be impersonating
the authenticated user in IIS. That will either be the user logging on or
the anonyous user account (which you can make a domain account if you want).
It is also possible to impersonate a specific user via web.config by
specifying credentials and you can impersonate an account through code.
Thus, you have lots of options. Some of these options vary by the OS you
are running and your security settings.
All of the IIS security settings are configured via the IIS MMC on the
directory security tab.
Normally, I just supply the server or domain in the binding string and
supply som credentials from a service account and don't worry about all of
the above.
HTH,
Joe K.
"Grant" <> wrote in message
news:...
> Thank you for the reply! Looking at my web.config file I dont have this
> "identity impersonate="true"" section and also it says to "security
> mechanism to Anonymous only" - where do I find this security mechanism,
> and how would i set the identity impersonate setting?
>
> -------------
> When the Web.config file is set to identity impersonate="true"/ and
> authentication mode="Windows", use the Anonymous account with the
> following settings: . On the ASPX page, set the security mechanism to
> Anonymous only.
> . Clear the Allow IIS to control the password check box.
> . Set the Anonymous account to be a domain user.
>
> -------------
>
> Cheers
> Grant
>
>
> "Joe Kaplan (MVP - ADSI)" <> wrote
> in message news:...
>> This is a security context issue. The account your code is running under
>> might not be a domain account, so you can't use serverless binding (which
>> is what you are doing when you don't put a server name in the binding
>> string below).
>>
>> This document has a lot more detail:
>>
>> http://support.microsoft.com/default...b;en-us;329986
>>
>> Joe K.
>>
>> "Grant" <> wrote in message
>> news:u2KGc%...
>>> Hello,
>>>
>>> I got some sample code off the MSDN website on how to loop through a
>>> group in active directory and list the members. I can run the code from
>>> a console app but I cant run it from an ASP solution? I get the folowing
>>> message:
>>>
>>> "The specified domain either does not exist or could not be contacted"
>>>
>>> Heres the code Im using:
>>> ---------------------------------------------------
>>> try
>>> {
>>> DirectoryEntry group = new
>>> DirectoryEntry("LDAP://CN=Administrators,CN=builtin,DC=ourdomain,DC=com") ;
>>> object members = group.Invoke("Members",null); //CODE IS FAILING HERE
>>> foreach( object member in (IEnumerable) members)
>>> {
>>> DirectoryEntry x = new DirectoryEntry(member);
>>> }
>>> }
>>> catch ( Exception ex )
>>> {
>>> lblResults.Text = ex.Message;
>>>
>>> }
>>> ---------------------------------------------------
>>>
>>> I havent done any ASP programming before. This is a standard
>>> webapplication created using Visual Studio.NET 2003. I have IIS
>>> installed and Ive set the permissions to interactive user. The above
>>> code works from my console app and works a beaut but just not from my
>>> ASP page..
>>>
>>> can anyone tell me what Im doing worng here?
>>>
>>> Thanks,
>>> Grant
>>>
>>
>>
>
>
Similar Threads
