Please Help! - Trying to browse my asp.net application but I get a logon prompt

Discussion in 'ASP .Net Security' started by J-T, Jul 21, 2005.

  1. J-T

    J-T Guest

    Hi All,

    We have an asp.net application on a Windows 2003 server which is part of a
    domain controller which my workstation is too. We have impersonated in our
    application with a fixed identity account which is also a domain account and
    is part of the administrator group of the webserver. The application is set
    to use NTLM and its application pool's IDENTITY is also set to use that
    impersonated account. When I try to browse the application from my
    workstation (same network) I get a logon prompt (which should be popped up as
    I'm using NTLM) and even when I insert my username and password, it rejects
    it and says that I'm not authorized to see the page. I have added the
    administrator group to the local security policies like "Logon locally", "log
    on as a service", "log on as a batch job", "Access this computer from the
    network". Why can I not see my application?
     
    J-T, Jul 21, 2005
    #1
  2. J-T

    J-T Guest

    Sorry, I had a typo in my post:
    get a logon prompt (which *should not* be popped up as I'm using NTLM)
     
    J-T, Jul 21, 2005
    #2
  3. J-T

    J-T Guest

    I followed up this link:
    http://www.kbalertz.com/kb_871179.aspx

    and I solved the logon problem, but now I get this error:

    Logon failure: unknown user name or bad password
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information
    about the error and where it originated in the code.
    Exception Details: System.Runtime.InteropServices.COMException: Logon
    failure: unknown user name or bad password
    Source Error:
    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.
    Stack Trace:
    [COMException (0x8007052e): Logon failure: unknown user name or bad
    password]
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +707
    System.DirectoryServices.DirectoryEntry.Bind() +10
    System.DirectoryServices.DirectoryEntry.get_IsContainer() +10
    System.DirectoryServices.ChildEnumerator..ctor(DirectoryEntry container)
    +24
    System.DirectoryServices.DirectoryEntries.GetEnumerator() +26
    CgaCanada.Org.Common.ADUtils.getMMSList() in
    c:\vss\SMIA\Common\ADUtils.cs:111

    [SystemException: Failed to retrieve examiner list.Logon failure: unknown
    user name or bad password]
    CgaCanada.Org.Common.ADUtils.getMMSList() in
    c:\vss\SMIA\Common\ADUtils.cs:118
    SMIA.Business.ApplicationCache.GetExaminers() in
    c:\vss\SMIA\Business\ClassFiles\ApplicationCache.cs:962
    SMIA.Business.ApplicationCache.init() in
    c:\vss\SMIA\Business\ClassFiles\ApplicationCache.cs:1163

    [SystemException: ApplicationCache initialization failed. ]
    SMIA.Business.ApplicationCache.init() in
    c:\vss\SMIA\Business\ClassFiles\ApplicationCache.cs:1204
    SMIA.Business.ApplicationCache..cctor() in
    c:\vss\SMIA\Business\ClassFiles\ApplicationCache.cs:31

    [TypeInitializationException: The type initializer for
    "SMIA.Business.ApplicationCache" threw an exception.]
    SMIA.Business.ApplicationCache.get_Reference() +0
    SMIA.Business.BusinessLayer.Init(String baseName, String assemblyName) in
    c:\vss\SMIA\Business\ClassFiles\BusinessLayer.cs:28
    SMIA.Web.Global.Application_Start(Object sender, EventArgs e) in
    c:\vss\SMIA\SMIAWeb\Global.asax.cs:50
     
    J-T, Jul 21, 2005
    #3
  4. You should start a new thread on that.

    In order to diagnose this, it would be necessary to see the code in question
    and find out how you are trying to bind to AD with your DirectoryEntry.

    Joe K.
     
    Joe Kaplan (MVP - ADSI), Jul 21, 2005
    #4
  5. J-T

    J-T Guest

    But this code is working perfectly on our External Production which is
    exactly the same as this server except that they have applied SP1 on the
    Active Directory controller which the problematic server is a member of and
    they have not applied SP1 to the External domain controller. Could it be a
    problem?

    Thanks
     
    J-T, Jul 21, 2005
    #5
  6. I doubt SP1 is the problem, but I suppose it is possible.

    The thing I was trying to suggest was that you should know exactly how the
    bind is being performed so that you have some idea as to what to look for.
    The fact that the same code works in one place and not in another simply
    indicates that some other factor besides the code is different. In order to
    help diagnose the problem, it is helpful to see your code so that we can
    understand what assumptions it is making.

    Joe K.

     
    Joe Kaplan (MVP - ADSI), Jul 21, 2005
    #6
  7. J-T

    J-T Guest

    Thanks for all your help guys,
    I actually solved the problem. There were some issues involved:

    1) It has nothing to do with the authentication type of the application; the
    user we used to connect to Active Directory caused all those problems. It was
    not set up properly.

    2) Somebody deployed PDB files (Debug mode) to production and some
    unnecessary PDB files there were making the situation even worse. Our
    Authorization Manager store file (XML) could not be found because we
    were using App.Domain.CurrentDirectory() which is different in Debug and
    Release mode... Stupid mistake

    3) The Authorization Manager file (XML) was out of date too :)


    It has been solved now, and again it has nothing to do with impersonation and
    authentication type and it was all about our own mistakes talking to Active
    Directory using ADSI.

    Thanks again
     
    J-T, Jul 22, 2005
    #7
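
Added example (not code from this thread or from the posters' application): a bind check of the kind Joe Kaplan asks about in #6, which reports the identity in use when a DirectoryEntry bind fails with the 0x8007052e logon failure shown in the stack trace, plus a path helper for the store-file problem described in #7. The class name, method names and parameters are hypothetical, and the helper assumes the store file is deployed under the application root.

```csharp
using System;
using System.DirectoryServices;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class AdBindCheck
{
    // HRESULT from the stack trace in post #3 (logon failure).
    private const int LogonFailure = unchecked((int)0x8007052E);

    // ldapPath, user and password are hypothetical configuration values.
    // Pass null for user and password to bind with the current Windows
    // identity, which is what the one-argument DirectoryEntry(path) does.
    public static string TryBind(string ldapPath, string user, string password)
    {
        string runningAs = WindowsIdentity.GetCurrent().Name;
        string bindAs = user ?? runningAs;
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(
                ldapPath, user, password, AuthenticationTypes.Secure))
            {
                // Reading NativeObject forces the bind here, instead of
                // later inside an enumerator as in the stack trace.
                object native = entry.NativeObject;
                return "Bind OK to " + ldapPath + " as " + bindAs;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode != LogonFailure)
                throw;
            // Report the account names only; never log the password.
            return "Logon failure binding to " + ldapPath + " as " + bindAs
                 + " (current Windows identity: " + runningAs + ")";
        }
    }

    // Resolve a data file against the application root instead of the
    // process working directory, which can differ between deployments.
    public static string ResolveAppFile(string relativeName)
    {
        return Path.Combine(AppDomain.CurrentDomain.BaseDirectory, relativeName);
    }
}
```

Calling `TryBind` once from `Application_Start` and writing the result to the event log shows which account the bind actually used on each server, which is the difference to look for when the same code works in one environment and not another.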