How to specify domain in the System.DirectoryServices.Entry object

  • Thread starter Thread starter tekk
  • Start date Start date
T

tekk

Hi,

I'm writing the component in c#, which allows to manage the IIS. I
want to make it working remote - i mean to manage the IIS on the machine
in some domain, from the machine which is outside this domain. My
question is:
How can i specify the domain in the System.DirectoryServices.Entry
object, when I'm creating it, with the following constructor:

System.DirectoryServices.Entry oIisServer = new
DirectoryEntry("IIS://some_server/W3SVC/1", "some_user", "some_passwd",
AuthenticationTypes.Secure);

??

Has anyone any idea??

regards,
tekkk
 
tekk said:
Hi,

I'm writing the component in c#, which allows to manage the IIS. I want
to make it working remote - i mean to manage the IIS on the machine in
some domain, from the machine which is outside this domain. My question
is:
How can i specify the domain in the System.DirectoryServices.Entry object,
when I'm creating it, with the following constructor:

System.DirectoryServices.Entry oIisServer = new
DirectoryEntry("IIS://some_server/W3SVC/1", "some_user", "some_passwd",
AuthenticationTypes.Secure);

??

Has anyone any idea??

regards,
tekkk
Click to expand...

You don't have to specify a domain.
Just specify the server name that runs the IIS server (some_server).

Willy.
 
Willy said:
You don't have to specify a domain.
Just specify the server name that runs the IIS server (some_server).

Willy.
Click to expand...
Thanks for the post man, but I have to tell that, it doesn't work.

I've got Win2000 server (SP 4) machine on which the IIS is running and
that machine is located in some domaine, lets say MY_DOMAIN. I've got
WinXP Pro (SP2) machine outside MY_DOMAIN, on which I run my test
program (written in C#, .NET 1.1), which uses above snippet of code to
get System.DirectoryServices.Entry object, connected to the IIS on the
Win2000 machine in MY_DOMAIN. I provide correct user name and password
and when i tray to run method 'Find' from the 'Children' property of
this object, i get error with number -2147024891 and message "Access is
denied".

My guess is that i provide something wrong: the user name or
AuthenticationTypes value, but when i've run my program under the debug,
I've noticed, that internal object 'credentials' (type
System.Net.NetworkCredential) located in the
System.DirectoryServices.Entryobject, has got empty value in the
'Domain' property. That's why I was asking about specifing domain name
in the System.DirectoryServices.Entry object. So any ideas, what is
wrong or what am I doing wrong?

tekkk
 
tekk said:
Thanks for the post man, but I have to tell that, it doesn't work.

I've got Win2000 server (SP 4) machine on which the IIS is running and
that machine is located in some domaine, lets say MY_DOMAIN. I've got
WinXP Pro (SP2) machine outside MY_DOMAIN, on which I run my test program
(written in C#, .NET 1.1), which uses above snippet of code to get
System.DirectoryServices.Entry object, connected to the IIS on the Win2000
machine in MY_DOMAIN. I provide correct user name and password and when i
tray to run method 'Find' from the 'Children' property of this object, i
get error with number -2147024891 and message "Access is denied".

My guess is that i provide something wrong: the user name or
AuthenticationTypes value, but when i've run my program under the debug,
I've noticed, that internal object 'credentials' (type
System.Net.NetworkCredential) located in the
System.DirectoryServices.Entryobject, has got empty value in the 'Domain'
property. That's why I was asking about specifing domain name in the
System.DirectoryServices.Entry object. So any ideas, what is wrong or what
am I doing wrong?

tekkk
Click to expand...

That's because you need to specify domain user credentials, in the form :
"domain\userid", "password".

where domain is or a domain name if it's a domain account, or the IIS
machine name if it's a local account.

Willy.
 
Willy said:
That's because you need to specify domain user credentials, in the form :
"domain\userid", "password".

where domain is or a domain name if it's a domain account, or the IIS
machine name if it's a local account.

Willy.
Click to expand...
Well, to be onest, I've already tried that, even before I've sent my
first post. I've used local account and
domain account - of course both of them were in the administrator group
on the IIS machine, and the effect is still the same:
error -2147024891 "Access is denied". After checking these cases under
the debugger that internal object 'credentials' (type
System.Net.NetworkCredential)
located in the System.DirectoryServices.Entry object, has got empty
value in the 'Domain' property, and "machine_name\user_name" in the
'UserName'
property of the same obejct.

So I'm still pretty sure that there is something wrong, with that
'Domain' value. Or am I wrong??

tekkk
 
Well, to be onest, I've already tried that, even before I've sent my first
post. I've used local account and
domain account - of course both of them were in the administrator group on
the IIS machine, and the effect is still the same:
error -2147024891 "Access is denied". After checking these cases under the
debugger that internal object 'credentials' (type
System.Net.NetworkCredential)
located in the System.DirectoryServices.Entry object, has got empty value
in the 'Domain' property, and "machine_name\user_name" in the 'UserName'
property of the same obejct.

So I'm still pretty sure that there is something wrong, with that 'Domain'
value. Or am I wrong??

tekkk
Click to expand...

Ok, I tried this myself with the same result, you got the same error when
trying to connect using the IIS Management tool (Inetmgr.exe) from a remote
server/workstation.
Seems like the IIS provider doesn't use the credentials specified in
DirectoryEntry constructor, it authenticates using the current user
identity, if this happens to be a valid domain account you are gold, else
you are denied access
Just turn on security auditing on the IIS server, you will get a logon
failed message in the eventlog for each connection request, specifying the
current process identity as requestor.

To solve this, I suggest you use System.Management namespace classes with
WMI to manage IIS, at least this works with explicit credentials :-).
Another option would be to drop this into a server type COM+ application
that run's with domain account credentials.

Willy.
 
Using System.Management and WMI for this has another advantage, you don't
need to have IIS installed at the client, this is required when using the
ADSI IIS provider interface.

Willy.
 
Back
Top