DaleP
LDAP Trouble from System.DirectoryServices
Oct 26, 2007 02:45 PM
Hello,
I'm putting an app together that will allow me to have my PC Support people create new users.
When the application is run on the server, I'm using an application pool to elevate the effective user permissions to allow the creation of the new user as well as the corresponding email account. This lets me not give out too many privileges to the PC Support people. So, with that said, the user loads the page, enters the information, clicks the submit button and all the variables are stored into session variables and shipped off to another page that implements the elevated application pool, takes the info from the session variables and voilà!
I'm developing this on an XP Pro machine with .NET Framework 2.0 and it runs perfectly. It creates the user in the correct container, enables the account and even sets some of the user attributes like the name and the phone number and all that.
So, since it's all working on my workstation, I put it out to the web server. That is a 2003 Server with .NET Framework 3.5 Beta (the installation of the 3.5 Beta was at the urging of Joe Kaplan because, as I understand it, 3.5 is better suited at the directory services aspect than Framework 2).
Now here's the trouble; when on the server I run the app and it errors out stating "The parameter is incorrect." on this line:
'The new user ID is the child to the parent path.
Dim user = Parent.Children.Add("CN=" & Session("UserID"), "user")
The full LDAP path and code is here:
Parent = New DirectoryEntry("LDAP://OU=SomeOU,DC=somedomain,DC=com", Nothing, Nothing, AuthenticationTypes.Secure=1)
'Create the connection to the AD OU that will create the new ID
'The new user ID is the child to the parent path.
Dim user = Parent.Children.Add("CN=" & Session("UserID"), "user")
I have tried using a normal String value instead of the session variable but it comes up with the same message.
Does anyone have any ideas as to what I can try on this?
tfsmag
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:03 PM
So with framework 3.5 you cannot switch to a previous version of the framework as you can with 2.0? If you can select the version of the .NET framework your app is running in IIS, I'd suggest trying to run the app as 2.0 and see if it works. Perhaps some of your code is deprecated in the 3.5 framework?
Jeff Turner
shivamG
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:11 PM
Hi,
Do you have the .NET 3.5 beta framework on the XP Pro machine? Maybe there are some slight changes in the API.
Regards
Shivam
MCTS - Sql2005
CSM(Certified Scrum master)
DaleP
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:12 PM
Well, that's what I thought as well so I did try that but it didn't work.
I'm wondering if it's an IIS issue more than code or framework. I have IIS 5 on my workstation (Win XP Pro) and IIS 6 on the web server. Is it possible that maybe something in the CLR is expecting IIS 5? I'm just grasping at straws now though...
jamesqua
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:13 PM
I don't think it is a 2.0 to 3.5 issue. In the past when I've received that error it was related to permissions. So how certain are you that impersonation is working on the 2003 Server? Also, if it is working, how certain are you that the impersonated user has enough permissions?
DaleP
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:18 PM
That's a good thought. I'll give it a try as well.
DaleP
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:22 PM
In the web.config I have impersonation turned off. The application pool is running under the domain admin login credentials.
I turned off the impersonation so I didn't run into a conflict while trying to process the request of adding the new user while running under the application pool credentials and the application itself is trying to impersonate my login credentials.
jamesqua
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:48 PM
For testing purposes, I would change the AuthenticationType enumeration. "AuthenticationType.Secure = 1" to "AuthenticationType.None". In fact, why is there an "= 1" after AuthenticationType.Secure?
DaleP
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 04:54 PM
Yeah, I put that in out of desperation after reading a tool tip from the Intellisense. That's been taken out since this posting.
That's a good idea though, I'll give the authentication thing a try.
DaleP
Re: LDAP Trouble from System.DirectoryServices
Oct 26, 2007 06:33 PM
That was it. Must have been getting it confused on what credentials to use. I think the AuthenticationTypes.Secure is applied by default. If so then it was probably trying to pass the logon credentials when trying to make the new user. By setting it to none it uses the application pool account to create the user.
That is, if I understand it correctly...
Still, pretty interesting stuff.
Thanks for all the help!
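
Added example (not code from any poster in this thread): a VB.NET version of the call the thread debugs, compiled with Option Strict On so that the `AuthenticationTypes.Secure=1` form is a compile error instead of a Boolean silently converted to the enum, and with the form-supplied user ID checked before it is concatenated into the CN. The module and function names, the 20-character allow-list and the sAMAccountName assignment are assumptions, and the inputs in Main are constructed.

```vbnet
Option Strict On   ' disallows the implicit Boolean-to-enum conversion shown in Main
Imports System
Imports System.DirectoryServices          ' reference System.DirectoryServices.dll
Imports System.Text.RegularExpressions

Module NewUserExample
    ' Assumed allow-list: letters, digits, dot, underscore, hyphen, 1-20 chars.
    Private ReadOnly SafeName As New Regex("\A[A-Za-z0-9._-]{1,20}\z")

    ' Builds the RDN only from a value that cannot carry DN syntax
    ' (commas, "=", "+", backslashes, quotes) into the path.
    Function BuildUserRdn(ByVal userId As String) As String
        If userId Is Nothing OrElse Not SafeName.IsMatch(userId) Then
            Throw New ArgumentException("User ID contains characters not allowed in the CN.")
        End If
        Return "CN=" & userId
    End Function

    ' No username or password is passed, as in the post's call. authType must
    ' be enum members (combined with Or), never a comparison expression.
    Function CreateUser(ByVal ouPath As String, ByVal userId As String, _
                        ByVal authType As AuthenticationTypes) As DirectoryEntry
        Dim rdn As String = BuildUserRdn(userId)
        Using parent As New DirectoryEntry(ouPath, Nothing, Nothing, authType)
            Dim user As DirectoryEntry = parent.Children.Add(rdn, "user")
            user.Properties("sAMAccountName").Value = userId   ' assumed attribute choice
            user.CommitChanges()
            Return user
        End Using
    End Function

    Sub Main()
        ' In VB, "=" inside an expression is a comparison, so the post's
        ' AuthenticationTypes.Secure=1 is a Boolean. With Option Strict Off
        ' that Boolean is converted to the enum's integer type.
        Dim compared As Boolean = (AuthenticationTypes.Secure = 1)
        Console.WriteLine("Secure=1 is {0}; as an Integer that is {1}", compared, CInt(compared))

        ' Constructed inputs: one plain ID and one carrying an extra DN component.
        For Each candidate As String In New String() {"jsmith", "jsmith,OU=Other"}
            Try
                Console.WriteLine("accepted: " & BuildUserRdn(candidate))
            Catch ex As ArgumentException
                Console.WriteLine("rejected: " & candidate)
            End Try
        Next
    End Sub
End Module
```

Main does not contact a directory; CreateUser needs a reachable domain and an identity with rights to create users in the target OU.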