[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

LDAP Authentication does not work on Vista after build

Posted on 2007-10-17
13
Medium Priority
?
538 Views
Last Modified: 2013-12-04
I have an application I developed that has an adminstrator toolbar, which should only be visible to Domain admins.  I am using the following code to determine if the current user is part of the domain admin group.

        Public Function IsInRole(ByVal RoleName As String) As Boolean
            If Thread.CurrentPrincipal.Identity.IsAuthenticated Then
                If Thread.CurrentPrincipal.IsInRole(RoleName) Then
                    IsInRole = True
                Else
                    IsInRole = False
                End If
            End If
        End Function

This works great on XP machines and it even works on Vista when you run it from visual studio 2005.  But once I buld the application and install it on a new Vista machine, it no longer works.

Any help would be appreciated.

Thanks
Mike
0
Comment
Question by:EXTRHMAN
  • 6
  • 5
12 Comments
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20095471
Mike,

Is the compiled version being run by a different person, from a different place?  Are there rights or privileges issues/exceptions?

Bob
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20095520
Bob,
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20095543
Mike,
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20095564
Ahh sorry about that this is what I meant to say

Bob,
Thanks for responding so quickly.

Initially the application was installed by a different domain administrator.  It would not work for him or for me if I logged into the machine.  Also if I install the application on the developement Vista box it fails there also.  the only time it doesn't fail is while running it in debug mode through Visual Studio 2005.  I even tried changing what role I am checking against and the only role that actually works is "users".  Which I can't have.  This is very frustrating cause the same code works well on XP.  I figure Vista has some security feature that is preventing my code from correctly accessing the isInrole of the current Principal?  This is my first shot at developing an application on Vista, so I am in the dark here.

Thanks
Mike
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20095621
Mike,

Vista has some significant security issues that we are all still trying so desperately to discover and work around.  I was so frustrated at home with my Vista, that I turned off User Access Control completely, since I have other security measures in place, and I was sooooo tired of being nagged.  

Does the fact that you didn't mention any exceptions mean that you aren't getting any?

Bob
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20095662
Ok I think I found the problem.  But I am not sure of the solution.

Here is what I did.

After installing the app on a Vista Box, no matter what nobody can access the admin toolbar of the app.
Unless, you right-click the executable and check run as administrator.

This tells me that Vista is blocking access to something that isn't allowing my code to detemine what role the current user is in.

I thought about writing some code to make the application run as administrator during install, but i am afraid that all users will then get the admin toolbar, which we don't want.

Any thoughts?

Thanks
Mike
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20095669
Bob,
No I don't get any exceptions at all.

Thanks
Mike
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20095724
Mike,

The problem is that Vista doesn't automatically put you in the admin role until you do something that requests your privileges to be elevated.  I don't have a real good handle on the operating system access, yet, to put forth the "perfect" solution.

Bob
0
 
LVL 1

Accepted Solution

by:
EXTRHMAN earned 0 total points
ID: 20096557
I came across this on the internet.

Apparently inserting this into the app.manifest will cause Vista to know that the application requires to be run as administrator during installation of the application.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
     processorArchitecture="X86" name="AdminApp" type="win32"/>
  <description>Description of your application</description>
  <!-- Identify the application security requirements. -->
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"/>
        </ms_asmv2:requestedPrivileges>
       </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>

Haven't tried it yet though.  Probably won't until next week.  I'll let you know if it works.

Thanks
Mike
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20096578
Cool, thanks, Mike!!

Bob
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20203405
Bob,
sorry for the delay in getting back to this but, my solution above does work for this problem.  Vista will install the application with run as administrator rights.  Make sure you make the necessary changes to what I posted earlier  processor architecture, name .. and so forth.

Hope that helps and thanks for the input.
Mike
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20259416
Closed, 500 points refunded.
Computer101
EE Admin
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Screencast - Getting to Know the Pipeline

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question