Form authentication, errors

G

Guest

Hi
I followed the MS kb#316748 trying to implement form authentication for my
..NET application, but I got this error when I was just trying to load the
login.aspx, any clue?
TIA

here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load the string
resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t) +376
System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164

[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String
requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, String path, String pathTranslated, Boolean useAppConfig) +698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep
..Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +173


--
 
G

Guest

By the way, as advised by the kb doc. I have set "Impersonation=true" in my
web.config!

TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>


Hi
I followed the MS kb#316748 trying to implement form authentication for my
.NET application, but I got this error when I was just trying to load the
login.aspx, any clue?
TIA

here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load the string
resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t) +376
System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164

[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String
requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, String path, String pathTranslated, Boolean useAppConfig) +698System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep
.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +173
Click to expand...
 
D

Dominick Baier [DevelopMentor]

Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC impersonation
means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set "Impersonation=true"
in my web.config!

TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
Hi
I followed the MS kb#316748 trying to implement form authentication
for my
.NET application, but I got this error when I was just trying to load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load the string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t) +376
System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecuti
onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +173
Click to expand...
Click to expand...
 
G

Guest

Hi
I think I have missed one step, ie. to change the default IUSER/machine
account to a "least privileged" account and
I have just created a user with "Domain users" as primary group to replace
the default anonymous account.

Now I am getting
HTTP 401.1 - Unauthorized: Logon Failed
But I did not see the login.aspx and have not yet type in the credentials!
Is this something to do with my "least privileged" account?
TIA

Hi
I followed the MS kb#316748 trying to implement form authentication for my
.NET application, but I got this error when I was just trying to load the
login.aspx, any clue?
TIA

here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load the string
resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t) +376
System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164

[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String
requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, String path, String pathTranslated, Boolean useAppConfig) +698System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep
.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +173
Click to expand...
 
G

Guest

Hi Dominick
I have just changed the anonymous to "least privileged" account. But I
properly didn't set it right, or didn't give the account enough access
right, I am now getting
HTTP 401.1 - Unauthorized: Logon Failed
when I was trying to load the login.aspx! I have not even typed in the
credentials yet!?

The reason why I would like to use impersonation is to allow domain control
delegation. i.e my application need to be able to add / change / delete
domain objects (mainly user and ou), in doing so I want to delegate ou
administration to the users created via my application. i.e. I am writing
something similar to a web based domain user account / ou provisioning
application.

Dominick Baier said:
Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC impersonation
means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set "Impersonation=true"
in my web.config!

TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
Hi
I followed the MS kb#316748 trying to implement form authentication
for my
.NET application, but I got this error when I was just trying to load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load the string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t) +376
System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecuti
onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +173
Click to expand...
Click to expand...
Click to expand...
 
D

Dominick Baier [DevelopMentor]

Hello dl,

why do you want to do it via impersonation?? give your app pool a domain
account identity and delegate the needed AD permissions to that account.
much easier and less error prone.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
I have just changed the anonymous to "least privileged" account. But
I
properly didn't set it right, or didn't give the account enough access
right, I am now getting
HTTP 401.1 - Unauthorized: Logon Failed
when I was trying to load the login.aspx! I have not even typed in
the
credentials yet!?
The reason why I would like to use impersonation is to allow domain
control delegation. i.e my application need to be able to add / change
/ delete domain objects (mainly user and ou), in doing so I want to
delegate ou administration to the users created via my application.
i.e. I am writing something similar to a web based domain user account
/ ou provisioning application.

Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC
impersonation means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-9
8d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set
"Impersonation=true" in my web.config!

TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
<dl> wrote in message Hi
I followed the MS kb#316748 trying to implement form authentication
for my
.NET application, but I got this error when I was just trying to
load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load
the
string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t)
+376 System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context,
String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecu
ti onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean&
completedSynchronously) +173
--
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Hi Dominick
Are you saying that I should give my application a custom account to run as,
and assign the least AD permissions required to this custom account? and
would I need "Account operators" or "Schema Admins" or "Domain Admins" or
some others in order to add / change / delete ou / user objects in a domain
?
TIA

Dominick Baier said:
Hello dl,

why do you want to do it via impersonation?? give your app pool a domain
account identity and delegate the needed AD permissions to that account.
much easier and less error prone.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
I have just changed the anonymous to "least privileged" account. But
I
properly didn't set it right, or didn't give the account enough access
right, I am now getting
HTTP 401.1 - Unauthorized: Logon Failed
when I was trying to load the login.aspx! I have not even typed in
the
credentials yet!?
The reason why I would like to use impersonation is to allow domain
control delegation. i.e my application need to be able to add / change
/ delete domain objects (mainly user and ou), in doing so I want to
delegate ou administration to the users created via my application.
i.e. I am writing something similar to a web based domain user account
/ ou provisioning application.

Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC
impersonation means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-9
8d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set
"Impersonation=true" in my web.config!

TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
<dl> wrote in message Hi
I followed the MS kb#316748 trying to implement form authentication
for my
.NET application, but I got this error when I was just trying to
load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load
the
string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t)
+376 System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context,
String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExecu
ti onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean&
completedSynchronously) +173
--
Click to expand...
Click to expand...
Click to expand...
 
D

Dominick Baier [DevelopMentor]

Hello dl,

well- the same privileges you wanted to give to your impersonated account
(plus add it to IIS_WPG).

You can delegate special permissions in AD to non-admin user. Active Directory
and User -> Delegate

For the in-depth info on which specific perms you need - ask Joe Kaplan (on
this list) - he know best!

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
Are you saying that I should give my application a custom account to
run as,
and assign the least AD permissions required to this custom account?
and
would I need "Account operators" or "Schema Admins" or "Domain Admins"
or
some others in order to add / change / delete ou / user objects in a
domain
?
TIA
Hello dl,

why do you want to do it via impersonation?? give your app pool a
domain account identity and delegate the needed AD permissions to
that account. much easier and less error prone.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
I have just changed the anonymous to "least privileged" account.
But
I
properly didn't set it right, or didn't give the account enough
access
right, I am now getting
HTTP 401.1 - Unauthorized: Logon Failed
when I was trying to load the login.aspx! I have not even typed in
the
credentials yet!?
The reason why I would like to use impersonation is to allow domain
control delegation. i.e my application need to be able to add /
change
/ delete domain objects (mainly user and ou), in doing so I want to
delegate ou administration to the users created via my application.
i.e. I am writing something similar to a web based domain user
account
/ ou provisioning application.
"Dominick Baier [DevelopMentor]"

Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC
impersonation means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :

http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f
-9 8d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set
"Impersonation=true" in my web.config!
TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
<dl> wrote in message Hi
I followed the MS kb#316748 trying to implement form
authentication
for my
.NET application, but I got this error when I was just trying to
load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load
the
string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t)
+376 System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the
target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context,
String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExe
cu ti onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean&
completedSynchronously) +173
--
Click to expand...
Click to expand...
Click to expand...
 
J

Joe Kaplan \(MVP - ADSI\)

A couple of quick points:

You absolutely don't need a service account at all to do simple LDAP
authentication. This code is adequate:

DirectoryEntry de = new DirectoryEntry("LDAP://yourdomain.com/RootDSE",
user, pwd, AuthenticationTypes.Secure);
try
{
object o = de.NativeObject;
return true;
}
catch (COMException ex)
{
return false;
}
finally
{
de.Dispose();
}

The advantage of impersonating a domain account for the auth is that you can
use serverless binding in your binding string (LDAP://rootdse instead of
LDAP://domain.com/rootdse), but if you provide a domain hint, you don't
really need that.

I don't think it is a good idea to use your highly privileged service
account for creating users as your IIS anonymous user account. I'd suggest
using those credentials only for the operations required. You have the
choice of providing the credentials in the constructor, programmatically
impersonating the user temporarily or moving the privileged code into a COM+
component under a specific account.

Regarding the privileges you need, this depends a great deal on how your AD
security has been designed, but generally speaking, account operators can
create accounts. It is probably a good idea to delegate a special account
to create accounts in just the container(s) you need to for use in this
application if absolutely possible as you really want to be careful.

HTH,

Joe K.

Dominick Baier said:
Hello dl,

well- the same privileges you wanted to give to your impersonated account
(plus add it to IIS_WPG).

You can delegate special permissions in AD to non-admin user. Active
Directory and User -> Delegate
For the in-depth info on which specific perms you need - ask Joe Kaplan
(on this list) - he know best!

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
Are you saying that I should give my application a custom account to
run as,
and assign the least AD permissions required to this custom account?
and
would I need "Account operators" or "Schema Admins" or "Domain Admins"
or
some others in order to add / change / delete ou / user objects in a
domain
?
TIA
Hello dl,

why do you want to do it via impersonation?? give your app pool a
domain account identity and delegate the needed AD permissions to
that account. much easier and less error prone.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick
I have just changed the anonymous to "least privileged" account.
But
I
properly didn't set it right, or didn't give the account enough
access
right, I am now getting
HTTP 401.1 - Unauthorized: Logon Failed
when I was trying to load the login.aspx! I have not even typed in
the
credentials yet!?
The reason why I would like to use impersonation is to allow domain
control delegation. i.e my application need to be able to add /
change
/ delete domain objects (mainly user and ou), in doing so I want to
delegate ou administration to the users created via my application.
i.e. I am writing something similar to a web based domain user
account
/ ou provisioning application.
"Dominick Baier [DevelopMentor]"

Hello dl,

why do you want to impersonate when using forms auth??

if IIS is set to anonymous and forms auth is enabled - IIRC
impersonation means your app runs under IUSR_MACHINENAME.

does this make sense??

I think you can safely disbale impersonation

for a working example of forms auth check this :

http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f
-9 8d0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
By the way, as advised by the kb doc. I have set
"Impersonation=true" in my web.config!
TIA

here is my web.config ---
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
<dl> wrote in message Hi
I followed the MS kb#316748 trying to implement form
authentication
for my
.NET application, but I got this error when I was just trying to
load
the
login.aspx, any clue?
TIA
here is the stack trace:
[HttpException (0x80004005): An error occurred while try to load
the
string

resources (GetModuleHandle failed with error -2147023888).]
System.Web.StringResourceManager.ReadSafeStringResource(Type t)
+376 System.Web.UI.TemplateControl.ReadStringResource(Type t) +5
ASP.login_aspx..ctor()

[TargetInvocationException: Exception has been thrown by the
target
of an
invocation.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +164
[HttpException (0x80004005): Failed to create page of type
'ASP.login_aspx'.]
System.Web.UI.TemplateControlParser.GetCompiledInstance(String
virtualPath, String inputFile, HttpContext context) +340
System.Web.UI.PageParser.GetCompiledPageInstanceInternal(String
virtualPath, String inputFile, HttpContext context) +43
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context,
String requestType, String url, String path) +44
System.Web.HttpApplication.MapHttpHandler(HttpContext context,
String
requestType, String path, String pathTranslated, Boolean
useAppConfig)
+698

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication+IExe
cu ti onStep

.Execute() +95
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean&
completedSynchronously) +173
--
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

System.Web.HttpException Error. 0
An error occurred while try to load the string resources (GetModuleHandle failed with error -2147023 1
GetModuleHandle failed with error 0
Outlook automation gives COMException Server execution failed 2
Exception while accessing any of .aspx page 0
asp.net 1.1 error 12
odd exception 1
Intermittently problem 1

Members online

Total: 27 (members: 1, guests: 26)
Robots: 511

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top