Last post Jun 27, 2016 02:09 PM by bbcompent1
Jun 27, 2016 12:07 PM|TonyClifton|LINK
in an asp.net MVC Intranet application I want to give users the option to change some of their AD-attributes (self-management). Just like in OWA - including some additional fields like thumbnailPhoto, etc.
Running my code locally in VS 2013 let's me save my phone number but when I deploy it to IIS I get an "UnauthorizedAccessException at System.DirectoryServices.DirectoryEntry.CommitChanges() ..."
Do I have to use a service account to make updating of attributes work via IIS? I was under the impression that every user could change a subset of his own attributes. How does this it work with OWA?
Jun 27, 2016 02:09 PM|bbcompent1|LINK
OWA uses windows authentication in its application pool; instead of authenticating as Network Service, the pool calls need to use the authenticated users credentials. I think you have to do something with Service Protocol Name to get AD to recognize the
app pool for Kerberos; check this post for more details: