Insufficient access rights to perform the operation

Discussion in 'ASP .Net Security' started by Russ, Dec 21, 2005.

  1. Russ

    Russ Guest

    I am trying to figure out
    if a user is a member of a role. I installed the AzMan on my XPSP2 box, and
    set up a role in our Win2k3 domain. I added myself to that role, and I call:
    if (Roles.IsUserInRole(user.UserName, "WholeCompany"))
    {}

    But as soon as I do, I get an "Unable to update the password. The value
    provided as the current password is incorrect". I then go into the web.config
    file and set up <identity impersonate="true" userName="domain\administrator"
    password="password"/>. When I do that (and I am assuming that the domain
    admin has access to whatever it needs in AD), I get an "Insufficient access
    rights to perform the operation" exception.

    I have been fighting this AD membership thing for almost a week, making
    painful headway, and I am wasting valuable time, and my manager is
    beginning to notice I am not getting anywhere. I am at my wits' end with this.
     
    Russ, Dec 21, 2005
    #1

  2. Russ

    MikeS Guest

    For <identity impersonate="true">, see if the web server's MACHINE$
    account is defined as a reader or better in the AzMan store's security
    settings. Might see if domain admins is in there too. The AzMan interop
    dll needs to be in the GAC and you need to be running with full trust
    AFAIK.
     
    MikeS, Dec 22, 2005
    #2

  3. Russ

    Russ Guest

    I'm not exactly sure how I should make the MACHINE$ account a member of the
    reader group in AzMan since all of my web servers are machines that are
    members of a domain. (I also don't see any machine$ account on any of them?)
    Are you suggesting I create a domain account to run IIS with?

    Secondly, I thought setting the impersonate attribute would allow my .NET
    web app to run AS the user I set in the username and password values. Since I
    set those to the domain admin I should be running my web app with
    considerably more privilege than is necessary or appropriate.

    Also, the entire Domain Admins group is a member of the AzMan Administrators
    group, which I suspect includes read and write access to the AzMan store. (I
    put the domain admin in the reader group in AzMan and there was no change in
    behavior).

    Finally, the AzMan interop is installed by default on Win2K3 boxes, and all
    of my web servers are Win2K3 SP1 boxes. My dev machine is a WinXPSP2 box,
    with all of the AzMan stuff installed. Both my dev box and the web servers
    behave exactly the same.

    "MikeS" wrote:

    > For <identity impersonate="true">, see if the web server's MACHINE$
    > account is defined as a reader or better in the AzMan store's security
    > settings. Might see if domain admins is in there too. The AzMan interop
    > dll needs to be in the GAC and you need to be running with full trust
    > AFAIK.
     
    Russ, Dec 22, 2005
    #3
  4. Russ

    Russ Guest

    I figured out the machine$ thing and added it to the reader group, but I got
    the same error.

    "Russ" wrote:

    > I'm not exactly sure how I should make the MACHINE$ account a member of the
    > reader group in AzMan since all of my web servers are machines that are
    > members of a domain. (I also don't see any machine$ account on any of them?)
    > Are you suggesting I create a domain account to run IIS with?
    >
    > Secondly, I thought setting the impersonate attribute would allow my .NET
    > web app to run AS the user I set in the username and password values. Since I
    > set those to the domain admin I should be running my web app with
    > considerably more privilege than is necessary or appropriate.
    >
    > Also, the entire Domain Admins group is a member of the AzMan Administrators
    > group, which I suspect includes read and write access to the AzMan store. (I
    > put the domain admin in the reader group in AzMan and there was no change in
    > behavior).
    >
    > Finally, the AzMan interop is installed by default on Win2K3 boxes, and all
    > of my web servers are Win2K3 SP1 boxes. My dev machine is a WinXPSP2 box,
    > with all of the AzMan stuff installed. Both my dev box and the web servers
    > behave exactly the same.
    >
    > "MikeS" wrote:
    >
    > > For <identity impersonate="true">, see if the web server's MACHINE$
    > > account is defined as a reader or better in the AzMan store's security
    > > settings. Might see if domain admins is in there too. The AzMan interop
    > > dll needs to be in the GAC and you need to be running with full trust
    > > AFAIK.
     
    Russ, Dec 22, 2005
    #4
