Cannot add windows/domain user using web console

Topics: Web Console
Oct 6, 2011 at 5:32 PM

Hi Andrea,

Using the web console I can't find a way to insert Windows domain or local users. With the MMC snap-in, no problem.

  • NetSqlAZMan 3.6.0.9
  • Windows XP, IIS 5.1 (so no application pools)
  • Sql Server 2005 standard
  • Windows Integrated Authentication for the console web app

The PC is inside my company domain, my user is a domain user and I configured impersonation in ASP.NET configuration, adding

    <identity impersonate="true"/>

in web.config, system.web section. Impersonation solved the problem of logging to the local SQL Server.

When I try to add a windows/domain user I get this message:

Unable to resolve: XXX
Error:
Il provider non supporta la ricerca. Impossibile eseguire una ricerca in LDAP://RootDSE.

If instead I do not use impersonation the web app runs as ASPNET user, and the error message is simpler

Unable to resolve: XXX
Error:
Errore sconosciuto (0x80005000)

I bet I should change some config parameter for LDAP, but I don't know how. I did not make any change about this:

        <!-- ACTIVE DIRECTORY -->

        <add key="RootDSEPath" value=""/>
        <!-- i.e.: "LDAP://DC=Domain,DC=local"; leave blank for default naming context -->
        <!-- Active Directory LookUp Account to resolve SID of Domain User Accounts; leave blank to use Client User Identity -->
        <add key="Active Directory LookUp Username" value=""/>
        <add key="Active Directory LookUp Password" value=""/>

Any clue?

 

 

Oct 6, 2011 at 10:31 PM

Hi,

It seems that your IIS application is not able to contact your AD domain controller for some security reason.

Try to do the following:

1) <identity impersonate="true" userName="DOMAIN\username" password="password" />
Use a domain user that is able to read profile information from your AD

2) If 1) does not work, do this (in addition to 1)) using the same identity as in 1)
<add key="Active Directory LookUp Username" value="DOMAIN\username"/>
<add key="Active Directory LookUp Password" value="password"/>

Let me know.
Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Oct 13, 2011 at 2:39 PM

Hi Andrea, I tried 1 and 2 and no way.

What's amazing is that the MMC snap-in works in the same environment. Is there any difference in the API calls used between the Web Console and the Snap-In?

Oct 13, 2011 at 2:52 PM

No difference between the MMC snap-in and the Web Console.

Both use the NetSqlAzMan.dll library.

The only difference is that the Web Console runs under the Application Pool identity account … whereas the MMC snap-in runs under the logged-on user.

Anyway … you can try to enable the “Anonymous Access” and replace the default NETWORK credential with the Identity of a user account. Remember to leave checked the Windows Authentication flag also.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com
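
A stand-alone check of the directory calls discussed in this thread, as an added example (not NetSqlAzMan code and not from either poster): it binds to LDAP://RootDSE, reads the default naming context, and resolves an account name to its SID, either as the current process identity or with an explicit lookup account. The class name AdLookupCheck and its arguments are hypothetical.

```csharp
// Added diagnostic (hypothetical AdLookupCheck; not NetSqlAzMan code).
// Build: csc /r:System.DirectoryServices.dll AdLookupCheck.cs
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

static class AdLookupCheck
{
    // Usage: AdLookupCheck <sAMAccountName> [DOMAIN\lookupUser]
    static int Main(string[] args)
    {
        if (args.Length < 1 || args.Length > 2) return 2;
        string user = args.Length == 2 ? args[1] : null;   // null: bind as the current identity
        string pass = user == null ? null : ReadPassword();
        Console.WriteLine("Process identity: " + WindowsIdentity.GetCurrent().Name);
        try
        {
            string baseDn;
            using (var rootDse = new DirectoryEntry("LDAP://RootDSE", user, pass))
                baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            Console.WriteLine("Default naming context: " + baseDn);
            // RootDSE is not searchable, so the search starts at the naming context.
            using (var root = new DirectoryEntry("LDAP://" + baseDn, user, pass))
            using (var searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + Escape(args[0]) + "))";
                searcher.PropertiesToLoad.Add("objectSid");
                SearchResult hit = searcher.FindOne();
                if (hit == null) { Console.WriteLine("Bind succeeded, account not found."); return 1; }
                var sid = new SecurityIdentifier((byte[])hit.Properties["objectSid"][0], 0);
                Console.WriteLine("Resolved SID: " + sid.Value);
                return 0;
            }
        }
        catch (COMException ex)   // bind and search failures carry the HRESULT in ErrorCode
        {
            Console.Error.WriteLine("Directory call failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
            return 1;
        }
    }
    // Escape LDAP filter metacharacters (RFC 4515); the backslash must be replaced first.
    static string Escape(string s)
    {
        return s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                .Replace(")", "\\29").Replace("\0", "\\00");
    }
    static string ReadPassword()   // prompt without echo instead of taking it on the command line
    {
        Console.Write("Password: ");
        var sb = new StringBuilder();
        for (ConsoleKeyInfo k; (k = Console.ReadKey(true)).Key != ConsoleKey.Enter; ) sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }
}
```

Running it once from an interactive session and once under the account configured for the web application shows whether the failure follows the account or the hosting context.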