Last post Feb 19, 2015 10:29 AM by gtscdsi
Dec 22, 2014 01:27 PM|JasonKeithHam|LINK
Impersonation works fine when on server with IIS7 installed but fails on server with IIS8.5 installed. Any ideas on why impersonation will not authenticate?
System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean
throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry
entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext
context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() at CAP2.Controllers.MasterController.GetUserInfo()
Dec 23, 2014 03:02 AM|May-song|LINK
Newer versions of IIS run under the ApplicationPoolIdentity account. If you go into the advanced settings for the application pool, you can try changing the identity under the process model section to NetworkService(What iis used to use, considered less
secure now) or you can change the permissions to a different account or you could manually set the ACL's for your app pool.
More information please refer to the link below.
Dec 23, 2014 10:39 AM|JasonKeithHam|LINK
Thanks for the response. My network admins won't allow it to run under NetworkService because it's less secure and would defeat the purpose of having credentials on the AppPool. Any other ideas? Thanks
Feb 19, 2015 10:29 AM|gtscdsi|LINK
We find a resolution with similar issue symptom.
If the issue cannot be resolved by that solution, we suggest you to submit a service request to Microsoft Support from below link:
The "IUSR" account cannot act as the machine identity and do not have rights on the network.
Change the Anonymouse user identity of IIS Anonymous Authentication Credentials to another domain account.