C
Codifier
I am starting on a new website development effort and am somewhat new to
AzMAN/ADAM, so please guide me if this question has been answered elsewhere.
My environment:
I am developing this website on a Windows XP SP3 machine; all components
(AzMAN, ADAM, ASP.NET, IIS 5.1) are on the same physical machine. Later on,
during deployment, I am looking to migrate to WS2003 environment.
Right now, I have both applications working and am able to add new users /
groups to ADAM both through ADSI as well as programmatically
(DirectoryEntry.Invoke("Add", object[] ....)). My AzMAN policy store resides
in ADAM. My users are created in ADAM and assigned specific groups that are
then pegged to specific AzMAN roles through LDAP Query groups. I have
verified the LDAP queries work on ldp.exe console.
I am using standard ActiveDirectoryMembershipProvider for Membership and
System.Web.Security.AuthorizationStoreRoleProvider. I am not using a custom
role provider yet.
My Problem:
Roles.IsUserInRole("RoleName") gives me a E_INVALIDARGS error. I am making
this call in the Login Control's OnLoggedIn event, so I know the
MembershipProvider is authenticating the username/password correctly. I did
use some incorrect credentials to make sure the call is going out to the
MembershipProvider (which rejects incorrect credentials as expected). If I
break within the LoggedIn function, I see that User.Identity.Name is set
correctly to the logged in user. However, I get this error when doing the
role check.
I tried to work around this problem by taking the COM API route rather than
the Roles API route, and that is giving me even more problem by way of
COMExceptions (Handle is invalid) in the first step -- IAzAuthorizationStore
authStore = new AzAuthorizationStoreClass();
Please let me know how I can enable role authorization in my environment.
Since this is a new website development effort, I am not burdened by legacy
policies. I have some leeway in terms of setting up the user and policy
stores. However, I would like to make it work on an XP machine; don't want to
invest in WS2003 yet.
AzMAN/ADAM, so please guide me if this question has been answered elsewhere.
My environment:
I am developing this website on a Windows XP SP3 machine; all components
(AzMAN, ADAM, ASP.NET, IIS 5.1) are on the same physical machine. Later on,
during deployment, I am looking to migrate to WS2003 environment.
Right now, I have both applications working and am able to add new users /
groups to ADAM both through ADSI as well as programmatically
(DirectoryEntry.Invoke("Add", object[] ....)). My AzMAN policy store resides
in ADAM. My users are created in ADAM and assigned specific groups that are
then pegged to specific AzMAN roles through LDAP Query groups. I have
verified the LDAP queries work on ldp.exe console.
I am using standard ActiveDirectoryMembershipProvider for Membership and
System.Web.Security.AuthorizationStoreRoleProvider. I am not using a custom
role provider yet.
My Problem:
Roles.IsUserInRole("RoleName") gives me a E_INVALIDARGS error. I am making
this call in the Login Control's OnLoggedIn event, so I know the
MembershipProvider is authenticating the username/password correctly. I did
use some incorrect credentials to make sure the call is going out to the
MembershipProvider (which rejects incorrect credentials as expected). If I
break within the LoggedIn function, I see that User.Identity.Name is set
correctly to the logged in user. However, I get this error when doing the
role check.
I tried to work around this problem by taking the COM API route rather than
the Roles API route, and that is giving me even more problem by way of
COMExceptions (Handle is invalid) in the first step -- IAzAuthorizationStore
authStore = new AzAuthorizationStoreClass();
Please let me know how I can enable role authorization in my environment.
Since this is a new website development effort, I am not burdened by legacy
policies. I have some leeway in terms of setting up the user and policy
stores. However, I would like to make it work on an XP machine; don't want to
invest in WS2003 yet.