Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Account Permissions to query Active Directory

Reply
Thread Tools

Account Permissions to query Active Directory

 
 
Keith F.
Guest
Posts: n/a
 
      04-24-2006
I'm working with my windows tech support guy on trying to give an ASP.NET 2.0
web app I built, adequate permissions so it can query active directory for
user roles created using Authorization Manager.
If we go into the application pool properties on the web server, and on the
Identity tab, select configurable identity, and put in my tech guy's username
and password, the app works fine. I can use the IsInRole method, etc.
We've tried creating a special account just for this, but we haven't been
able to figure out exactly what permission this account needs to access
active directory.
Can anyone tell me how to set the permissions to allow a least privledge
account to query active directory? or point me to a link that would help?
(Note: I'm using the AuthorizationStoreRoleProvider in my web.config)
Thanks,
KF
 
Reply With Quote
 
 
 
 
MikeS
Guest
Posts: n/a
 
      04-25-2006
Have you checked the security settings on the AzMan store or
application?

 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      04-25-2006
This is a difficult question in general because AD allows such flexible
delegation of permissions. Typically, I'd expect someone in the
Authenticated Users group in AD to be able to read the AzMan objects in the
directory. However, your admins might have delegated the permissions such
that only specific users can read them. As such, a solution that works for
me might not work for you.

Assuming that the app works fine when used with a domain user who doesn't
have any special permissions but does not work when configured with Network
Service (which uses the computer account when accessing the network), it may
be the case that Domain Users have rights to read these objects, but not
Domain Computers. You might try examining the ACLs on the AzMan objects and
containers and see what you can tell.

Best of luck,

Joe K.

"Keith F." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I'm working with my windows tech support guy on trying to give an ASP.NET
> 2.0
> web app I built, adequate permissions so it can query active directory for
> user roles created using Authorization Manager.
> If we go into the application pool properties on the web server, and on
> the
> Identity tab, select configurable identity, and put in my tech guy's
> username
> and password, the app works fine. I can use the IsInRole method, etc.
> We've tried creating a special account just for this, but we haven't been
> able to figure out exactly what permission this account needs to access
> active directory.
> Can anyone tell me how to set the permissions to allow a least privledge
> account to query active directory? or point me to a link that would help?
> (Note: I'm using the AuthorizationStoreRoleProvider in my web.config)
> Thanks,
> KF



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Active Directory, User Permissions, and .NET? Spam Catcher ASP .Net 4 04-21-2008 07:24 PM
VPN account PIX w/ active directory vhn2001 Cisco 0 09-07-2006 07:49 PM
Active Directory - Groups and Permissions Scott ASP .Net 2 05-16-2006 07:01 PM
Active Directory Machine Account Permissions Jay Armstrong ASP .Net Security 4 03-15-2005 04:29 PM
Permissions for access to Active Directory (CAS) Taras Overchuk ASP .Net Security 0 10-31-2003 04:22 PM



Advertisments