|
ms
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
user creation and adding user to a group using WMII have a web app that adds user into w2k3 server and adds it to the administrator group. The code snippet is something like this: try { DirectoryEntry AD = new DirectoryEntry("WinNT://" + in0.IPAddress + ",computer", in1.userName, decryptData(in1.password), AuthenticationTypes.Secure); // Create super user DirectoryEntry NewUser = AD.Children.Add(in2.userName, "user"); NewUser.Invoke("SetPassword", new object[] { decryptData(in2.password) }); NewUser.Invoke("Put", new object[] { "Description", "Maya account creation" }); NewUser.CommitChanges(); DirectoryEntry grp; grp = AD.Children.Find("Administrators", "group"); // if (grp.Name != null) {grp.Invoke("Add", new Object[] {NewUser.Path.ToString()});} if (grp.Name != null) grp.Invoke("Add", new Object[] { NewUser.Path.ToString() }); } catch (Exception e) { throw onException("SFatalInternalException", "http://mrdp.m.hp.com", "Super user account creation failed !!!"); } here the user creation is done but when it tries to add the user to administrative group it fails. This happens only in web app. If I try the same as console application it is successful. I am not sure if I am missing anything if I run this as a web service. Any help in this regard will be helpful. Thanks John John,
If it works in a console application and not in a web app, it means that you are running with rights that the ASPNET (the default local user account that ASP.NET runs under) does not have. You should impersonate a user that has the appropriate rights for the web app. I suggest for something like this, that you only do it for the pages which will actually add the user, as having the whole site run with elevated permissions is a bad idea. -- Show quote- Nicholas Paldino [.NET/C# MVP] - mvp@spam.guard.caspershouse.com "johnpremi" <johnpr***@discussions.microsoft.com> wrote in message news:D2DCD9A3-FB0E-4DE6-A375-3DD9C5D665ED@microsoft.com... > Hi there, > I have a web app that adds user into w2k3 server and adds it to the > administrator group. The code snippet is something like this: > try > { > DirectoryEntry AD = new DirectoryEntry("WinNT://" + > in0.IPAddress + ",computer", in1.userName, decryptData(in1.password), > AuthenticationTypes.Secure); > > // Create super user > DirectoryEntry NewUser = AD.Children.Add(in2.userName, "user"); > NewUser.Invoke("SetPassword", new object[] { > decryptData(in2.password) }); > NewUser.Invoke("Put", new object[] { "Description", "Maya > account creation" }); > NewUser.CommitChanges(); > DirectoryEntry grp; > grp = AD.Children.Find("Administrators", "group"); > // if (grp.Name != null) {grp.Invoke("Add", new Object[] > {NewUser.Path.ToString()});} > if (grp.Name != null) > grp.Invoke("Add", new Object[] { > NewUser.Path.ToString() }); > } > catch (Exception e) > { > throw onException("SFatalInternalException", > "http://mrdp.m.hp.com", "Super user account creation failed !!!"); > } > > here the user creation is done but when it tries to add the user to > administrative group it fails. This happens only in web app. If I try the > same as console application it is successful. I am not sure if I am > missing > anything if I run this as a web service. > Any help in this regard will be helpful. > Thanks > John >
Show quote
"johnpremi" <johnpr***@discussions.microsoft.com> wrote in message If it succeeds from a console program it should work from a web application news:D2DCD9A3-FB0E-4DE6-A375-3DD9C5D665ED@microsoft.com... > Hi there, > I have a web app that adds user into w2k3 server and adds it to the > administrator group. The code snippet is something like this: > try > { > DirectoryEntry AD = new DirectoryEntry("WinNT://" + > in0.IPAddress + ",computer", in1.userName, decryptData(in1.password), > AuthenticationTypes.Secure); > > // Create super user > DirectoryEntry NewUser = AD.Children.Add(in2.userName, "user"); > NewUser.Invoke("SetPassword", new object[] { > decryptData(in2.password) }); > NewUser.Invoke("Put", new object[] { "Description", "Maya > account creation" }); > NewUser.CommitChanges(); > DirectoryEntry grp; > grp = AD.Children.Find("Administrators", "group"); > // if (grp.Name != null) {grp.Invoke("Add", new Object[] > {NewUser.Path.ToString()});} > if (grp.Name != null) > grp.Invoke("Add", new Object[] { > NewUser.Path.ToString() }); > } > catch (Exception e) > { > throw onException("SFatalInternalException", > "http://mrdp.m.hp.com", "Super user account creation failed !!!"); > } > > here the user creation is done but when it tries to add the user to > administrative group it fails. This happens only in web app. If I try the > same as console application it is successful. I am not sure if I am > missing > anything if I run this as a web service. > Any help in this regard will be helpful. > Thanks > John > too. What's the exact exception being thrown? Are you sure that both userName and password are the same in both scenarios, *and* that this user is member of the administrators group? ... DirectoryEntry AD = new DirectoryEntry("WinNT://" + in0.IPAddress + ",computer", in1.userName, decryptData(in1.password), AuthenticationTypes.Secure); ... Please note also that this is not using WMI, System.DirectoryServices are wrapping ADSI. Willy.  |
|||||||||||||||||||||||
Other interesting topics