J
jeremy
Hello.
I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will perform
lookups based on the current user (integrated auth) to an LDAP server which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Security error.
But - the ldap query works flawlessly on my XP development machine (where I
am logged into the domain also).
What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)
I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or
some other windows 2003 config setting), when it is called. What leads me to
that conclusion is when I am debugging, I will not get that error when i rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that
line is unrem'd, the debugger never begins to debug - I get the error first.
using System.DirectoryServices;
........
DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry(LDAP://server:389/ou=People,o=site.org);
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup
Thanks much in advance for any ideas. Again, my code is good - it works on
my other box. It just doesn't run on the server.
I have an asp.net application that resides on a non-DC / BDC Sharepoint
Server (although it is logged into the domain). The application will perform
lookups based on the current user (integrated auth) to an LDAP server which
requires no login (AuthenticationTypes.None). When I run it, I get the
following ambiguous error:
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Security error.
But - the ldap query works flawlessly on my XP development machine (where I
am logged into the domain also).
What I've done:
Excluded the virt directory from SPS (so IIS will handle it)
in web.config:
<authentication mode="Windows" />
<identity impersonate="true"/>
in IIS - tried Basic (tied to my domain name and pwd) only and then
Integrated auth only
added a reference in dotnet to the System.DirectoryServices dll
looked in event viewer - no errors
created app pool specifically for the site. tried all of the identity
options (inc domain\username & pwd)
I have a very strong feeling that the security error is not linked to
the actual LDAP query, but to the loading of the directoryservices dll (or
some other windows 2003 config setting), when it is called. What leads me to
that conclusion is when I am debugging, I will not get that error when i rem
out the line --> dirEntry = new
DirectoryEntry("LDAP://server:389/ou=People,o=site.org"); <---. When that
line is unrem'd, the debugger never begins to debug - I get the error first.
using System.DirectoryServices;
........
DirectoryEntry dirEntry;
dirEntry = new DirectoryEntry(LDAP://server:389/ou=People,o=site.org);
dirEntry.AuthenticationType = AuthenticationTypes.None;
//perform lookup
Thanks much in advance for any ideas. Again, my code is good - it works on
my other box. It just doesn't run on the server.