LDAP Authentication does not work on Vista after build

I have an application I developed that has an adminstrator toolbar, which should only be visible to Domain admins.  I am using the following code to determine if the current user is part of the domain admin group.

        Public Function IsInRole(ByVal RoleName As String) As Boolean
            If Thread.CurrentPrincipal.Identity.IsAuthenticated Then
                If Thread.CurrentPrincipal.IsInRole(RoleName) Then
                    IsInRole = True
                Else
                    IsInRole = False
                End If
            End If
        End Function

This works great on XP machines and it even works on Vista when you run it from visual studio 2005.  But once I buld the application and install it on a new Vista machine, it no longer works.

Any help would be appreciated.

Thanks
Mike
LVL 1
EXTRHMANAsked:
Who is Participating?
 
EXTRHMANConnect With a Mentor Author Commented:
I came across this on the internet.

Apparently inserting this into the app.manifest will cause Vista to know that the application requires to be run as administrator during installation of the application.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
     processorArchitecture="X86" name="AdminApp" type="win32"/>
  <description>Description of your application</description>
  <!-- Identify the application security requirements. -->
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"/>
        </ms_asmv2:requestedPrivileges>
       </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>

Haven't tried it yet though.  Probably won't until next week.  I'll let you know if it works.

Thanks
Mike
0
 
Bob LearnedCommented:
Mike,

Is the compiled version being run by a different person, from a different place?  Are there rights or privileges issues/exceptions?

Bob
0
 
EXTRHMANAuthor Commented:
Bob,
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Bob LearnedCommented:
Mike,
0
 
EXTRHMANAuthor Commented:
Ahh sorry about that this is what I meant to say

Bob,
Thanks for responding so quickly.

Initially the application was installed by a different domain administrator.  It would not work for him or for me if I logged into the machine.  Also if I install the application on the developement Vista box it fails there also.  the only time it doesn't fail is while running it in debug mode through Visual Studio 2005.  I even tried changing what role I am checking against and the only role that actually works is "users".  Which I can't have.  This is very frustrating cause the same code works well on XP.  I figure Vista has some security feature that is preventing my code from correctly accessing the isInrole of the current Principal?  This is my first shot at developing an application on Vista, so I am in the dark here.

Thanks
Mike
0
 
Bob LearnedCommented:
Mike,

Vista has some significant security issues that we are all still trying so desperately to discover and work around.  I was so frustrated at home with my Vista, that I turned off User Access Control completely, since I have other security measures in place, and I was sooooo tired of being nagged.  

Does the fact that you didn't mention any exceptions mean that you aren't getting any?

Bob
0
 
EXTRHMANAuthor Commented:
Ok I think I found the problem.  But I am not sure of the solution.

Here is what I did.

After installing the app on a Vista Box, no matter what nobody can access the admin toolbar of the app.
Unless, you right-click the executable and check run as administrator.

This tells me that Vista is blocking access to something that isn't allowing my code to detemine what role the current user is in.

I thought about writing some code to make the application run as administrator during install, but i am afraid that all users will then get the admin toolbar, which we don't want.

Any thoughts?

Thanks
Mike
0
 
EXTRHMANAuthor Commented:
Bob,
No I don't get any exceptions at all.

Thanks
Mike
0
 
Bob LearnedCommented:
Mike,

The problem is that Vista doesn't automatically put you in the admin role until you do something that requests your privileges to be elevated.  I don't have a real good handle on the operating system access, yet, to put forth the "perfect" solution.

Bob
0
 
Bob LearnedCommented:
Cool, thanks, Mike!!

Bob
0
 
EXTRHMANAuthor Commented:
Bob,
sorry for the delay in getting back to this but, my solution above does work for this problem.  Vista will install the application with run as administrator rights.  Make sure you make the necessary changes to what I posted earlier  processor architecture, name .. and so forth.

Hope that helps and thanks for the input.
Mike
0
 
Computer101Commented:
Closed, 500 points refunded.
Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.