

Active Directory: Access is denied. (Exception from HRESULT: 0x80070005) when I invoke SetPassword....

Question

Wednesday, November 30, 2011 12:01 PM

I am getting this weird error message saying that access is denied, and I have googled a lot and haven't found any solution yet, even though there are a lot of people sitting with the same problem as me. And as far as I can understand, it is related to some security-related issue, or?

 

I am running my code with RunWithElevatedPrivileges, but it still won't work. From what I have read on different blogs when I google it, there is some app pool security type of thing that is preventing changing or setting the password because the user running the app pool doesn't have permissions...??!! I am new to these things, even though I understand a bit of what the fault can be, but still I am almost tearing my LAST hair off just trying to fix this issue...

Below is the code where i get this error:

 

            using (dirEntry)
            {
                // Alternative that requires the old password:
                //dirEntry.Invoke("ChangePassword", new object[] { this.oldPass, this.password });

                // Administrative reset; this is the call that fails with 0x80070005
                dirEntry.Invoke("SetPassword", new object[] { this.password });
                HttpContext.Current.Response.Write("#Password Changed#");
                dirEntry.CommitChanges();
                HttpContext.Current.Response.Write("Commit Changes");

                if (forceChange)
                {
                    // pwdLastSet = 0 forces a password change at next logon
                    dirEntry.InvokeSet("PwdLastSet", new object[] { 0 });
                    dirEntry.CommitChanges();
                }
                dirEntry.Close();
            }

 

 

All replies (11)

Wednesday, November 30, 2011 5:36 PM ✅Answered

All web applications run within an application pool which defines the parameters around the executable process that is used to execute the code within the web application.  This is true regardless of whether you are running a standard .Net app or within SharePoint.  If you look in the IIS management panel you should see a section for application pools.

One of the things that the application pool defines is what user context is used for the web app.  By default IIS uses the 'NETWORK' account or the 'IUSR____' account.  These accounts have special permissions on the machine but can't get elevated privileges.  Most SharePoint configurations get configured to run under a specific user account so that the access they have can be closely controlled but potentially go beyond what the generic accounts have, but I would still not expect that account to have access to change passwords on accounts since that is pretty much an admin function.

To be able to use elevated privileges like this you are going to have to have your web application running under a user that has elevated permissions.  To do that you will need to configure the application pool to run under a specific user you create for this purpose (which can be configured in IIS) or you will need to add privileges to the user that it is already running under.  Note that you are creating a potentially HUGE security hole when you do this and you definitely should elevate the privileges of the generic accounts.


Thursday, December 1, 2011 1:58 PM ✅Answered

You've replied to your own post more than 6 times, that gives the impression that your question is already being discussed.  It's usually best to just pose the question, then edit your original post because then we can filter threads based on number of replies. 

You can do one of two things:

1. Grant access to update Active Directory for your App Pool identity.

2. Pre-authenticate using a service account directly in code when creating a DirectoryEntry object to your LDAP.

It sounds like you've followed best practices and granted the App Pool identity the least amount of privileges, which is perfect for most SharePoint functionality.  When we start doing custom programming, we'll have to tweak permissions so that the code will work properly. 

http://donahoo-development.com
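Option 2 from the reply above, as an added example that is not code from the thread or from any poster: binding the `DirectoryEntry` with explicit service-account credentials so that `SetPassword` no longer depends on the app pool identity. The class and method names, parameters and the sample LDAP path in the comment are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

// Added example (hypothetical helper, not from the thread).
public static class AdPasswordReset
{
    // ldapPath is the user's distinguished-name path, e.g. the constructed value
    // "LDAP://CN=Test User,OU=Staff,DC=example,DC=com".
    // svcUser / svcPassword are placeholders: load them from protected
    // configuration, never from source code.
    public static void ResetPassword(string ldapPath, string svcUser, string svcPassword,
                                     string newPassword, bool forceChange)
    {
        // Bind as the service account instead of the app pool identity.
        // SharePoint's RunWithElevatedPrivileges only switches to the app pool
        // identity, so it does not help when that identity lacks rights in AD.
        // Secure | Sealing uses Kerberos/NTLM and encrypts the session.
        using (DirectoryEntry user = new DirectoryEntry(
                   ldapPath, svcUser, svcPassword,
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        {
            try
            {
                // SetPassword is applied immediately; no CommitChanges is needed for it.
                user.Invoke("SetPassword", new object[] { newPassword });

                if (forceChange)
                {
                    // pwdLastSet = 0 forces a password change at next logon.
                    user.Properties["pwdLastSet"].Value = 0;
                    user.CommitChanges();
                }
            }
            catch (TargetInvocationException ex)
            {
                // Invoke wraps the ADSI error. 0x80070005 (E_ACCESSDENIED) surfaces
                // as an inner UnauthorizedAccessException: the bound account lacks
                // the "Reset password" right on this user object.
                if (ex.InnerException is UnauthorizedAccessException)
                {
                    throw new UnauthorizedAccessException(
                        "Account '" + svcUser + "' may not reset the password on " + ldapPath,
                        ex.InnerException);
                }
                throw;
            }
        }
    }
}
```

The service account needs only the delegated "Reset password" permission (plus write access to `pwdLastSet` when forcing a change) on the OU that holds the target users, not domain administrator membership.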


Monday, December 5, 2011 12:15 PM ✅Answered

Solution for this STUPID error:

1. http://msdn.microsoft.com/en-us/library/ms180890%28v=vs.80%29.aspx

 

2. http://forums.asp.net/t/991719.aspx/1

 

3. http://msdn.microsoft.com/en-us/library/ms180890%28v=vs.80%29.aspx

 

I think these 3 links guide to the correct solution for the error....


Wednesday, November 30, 2011 12:53 PM

And I am running the code on a SharePoint site

• IIS 6
• ASP.NET 3.5 (C#)
• Active Directory
• Windows Server 2008 R2
• SharePoint 2010 / WebPart for changing password.....


Wednesday, November 30, 2011 2:20 PM

I swear to God this is the most disgusting type of coding I have ever been through in 4 years of developing. I have never experienced not finding any solution on Google.... and even though I find a lot of forums related to my issue, no one is coming up with any good solution. So confusing... :(

 

First I got this error message in my local environment, and then suddenly out of the blue it started working, but it is still not working on the customer's production environment... ?!


Wednesday, November 30, 2011 2:51 PM

OK, after some more searching I found out that maybe giving ASP.NET access to Active Directory for making changes....?!!


Wednesday, November 30, 2011 2:54 PM

The strange thing is why I don't have to give the same access to my ASP.NET site running in my environment, and why I get this error in the customer's production environment and not mine.....?!

 

Any help will be APPRECIATED....


Wednesday, November 30, 2011 3:04 PM

These 2 links refer to the same problem as I have....

http://stackoverflow.com/questions/2674493/access-is-denied-exception-from-hresult-0x80070005-e-accessdenied

http://stackoverflow.com/questions/3430202/why-i-got-access-is-denied-exception-from-hresult-0x80070005-e-accessdenied


Thursday, December 1, 2011 1:41 PM

Refer to this site and follow the question, for those who want to come to a solution... this blog site is a very quiet place, I feel...

 

http://www.experts-exchange.com/Programming/Languages/C_Sharp/Q_27470991.html#a37219564


Sunday, December 4, 2011 3:52 PM

Hi Mike

Thanks for the reply ;)

 

I am new here, so I will learn better ways to write questions....

 

I have tried one of your suggestions, to grant access to update Active Directory for my app pool identity.... and it is a live customer environment, so they granted permissions to the app pool identity user... but it didn't work... :(

 

So I will go to work tomorrow and try your second suggestion and see what happens...?!

 

Tc

 


Monday, December 5, 2011 9:43 AM

Here is a very good link, maybe this solution will work... I haven't tried it yet....

 

http://msdn.microsoft.com/en-us/library/ms180890%28v=vs.80%29.aspx