Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Getting "General access denied error" while creating new account using c# code - web application

302 views

Skip to first unread message

tmj...@gmail.com

unread,

May 28, 2008, 2:22:00 PM5/28/08

Hi,

I have web application which creates user on the same server where
application is running.

It works on my local but when i deploy, it says general errror

System.UnauthorizedAccessException: General access denied error
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()

I have given admin rights to ASP.NET user and the one who connected to
the appliction also has Admin Rights to the system. What else i am
missing on the security level?

<identity impersonate="false" /> in my config.

Can some one help me..

Thanks in advance
Malar

Below is the code for creating an user

DirectoryEntry objAD;
DirectoryEntry objNewUser;
DirectoryEntry objGrp;
string strConn;

//active directory connection string
strConn = "WinNT://"+ Environment.MachineName + "," + "computer";

//active directory entry point for above connection string
objAD = new DirectoryEntry(strConn);

//new user is added
objNewUser = objAD.Children.Add(sUserName, "user");
objNewUser.Invoke("SetPassword", new object[] {sPassword});
objNewUser.Invoke("Put", new object[] {"Description", sfullName});
objNewUser.CommitChanges();

//finding group
objGrp = objAD.Children.Find("Users", "group");

//adding new user to group
if (objGrp.Name != "")
{
objGrp.Invoke("Add", new object[] {objNewUser.Path.ToString()});
}//endif
sRetVal="true";

Joe Kaplan

unread,

May 28, 2008, 2:45:05 PM5/28/08

When you say you gave rights to the ASPNET user, what user was that? On IIS
6 or 7, the app pool identity is the identity that is used to run the
process (what you get if you aren't impersonating). The <machine>\ASPNET
account is only used for IIS 5 and 5.1 (XP).

The app pool runs as network service by default, so you might need to give
it permissions to do what you want or consider setting up IIS to run as a
privileged account.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<tmj...@gmail.com> wrote in message
news:036311e4-e82e-4429...@m3g2000hsc.googlegroups.com...

0 new messages