Lingerie Alley
New Member
I have read almost every question on SO regarding AD and Impersonation... but no luck.This code is running on our web server on an existing Active Directory user (object) in our Active Directory server. Both servers are on the same domain.Everything works fine when I run it locally, but when on the server it fails, saying "Access is denied."I have tried changing IIS settings, but don't really know what to do...Do I need to give the Application Pool more privileges?
Maybe I need to use Windows Authentication to Impersonate? (my .Net app uses Forms Authentication)Any help would be appreciated - I will gladly give more detail.Here is my code:\[code\]Using (HostingEnvironment.Impersonate()) Dim search As New DirectorySearcher("(userprincipalname=" & ADUser.UPN & ")") Dim result As SearchResult = search.FindOne() Dim de As DirectoryEntry = result.GetDirectoryEntry() Dim ct As Integer = 0 For Each key As String In AdPropNames.Keys If CurrentADUserPropValues.ContainsKey(AdPropNames.Item(key)) AndAlso Not AdPropNames.Item(key).Equals("DirectReports") AndAlso Not AdPropNames.Item(key).Equals("ManagerName") AndAlso Not AdPropNames.Item(key).Equals("DistinguishedName") Then If AdPropNames.Item(key).Equals("Manager") Then de.Properties(key).Value = http://stackoverflow.com/questions/15798754/ManagerDistinguishedName ElseIf CurrentADUserPropValues.Item(AdPropNames.Item(key)) ="" Then ' Do nothing. Else de.Properties(key).Value = http://stackoverflow.com/questions/15798754/CurrentADUserPropValues.Item(AdPropNames.Item(key)) End If End If Next de.CommitChanges() de.Close()End Using\[/code\]
Maybe I need to use Windows Authentication to Impersonate? (my .Net app uses Forms Authentication)Any help would be appreciated - I will gladly give more detail.Here is my code:\[code\]Using (HostingEnvironment.Impersonate()) Dim search As New DirectorySearcher("(userprincipalname=" & ADUser.UPN & ")") Dim result As SearchResult = search.FindOne() Dim de As DirectoryEntry = result.GetDirectoryEntry() Dim ct As Integer = 0 For Each key As String In AdPropNames.Keys If CurrentADUserPropValues.ContainsKey(AdPropNames.Item(key)) AndAlso Not AdPropNames.Item(key).Equals("DirectReports") AndAlso Not AdPropNames.Item(key).Equals("ManagerName") AndAlso Not AdPropNames.Item(key).Equals("DistinguishedName") Then If AdPropNames.Item(key).Equals("Manager") Then de.Properties(key).Value = http://stackoverflow.com/questions/15798754/ManagerDistinguishedName ElseIf CurrentADUserPropValues.Item(AdPropNames.Item(key)) ="" Then ' Do nothing. Else de.Properties(key).Value = http://stackoverflow.com/questions/15798754/CurrentADUserPropValues.Item(AdPropNames.Item(key)) End If End If Next de.CommitChanges() de.Close()End Using\[/code\]