• Status: Solved

error '80072020' ASP Webpage

Hi experts,

I am trying to do a query to active directory with the following code:

but I always get error '80072020'
at this line of code: Set oUser = GetObject("LDAP://" & sysInfo.Username)

I do not use anonymous access in IIS and am using Windows Authentication.
How do I get around this problem?

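Public Function authorizeUser()
   Dim sysInfo, oUser
   Dim group, oGroupName
   Dim ok
   ok = False
   Set sysInfo = CreateObject("ADSystemInfo")
   ' Bind to the current user's AD object; this is the line that raises error '80072020'
   Set oUser = GetObject("LDAP://" & sysInfo.Username)
   For Each oGroupName In oUser.memberOf
      ' Take the first RDN of the group's DN ("CN=Name,...") and strip the "CN=" prefix
      group = Left(oGroupName, InStr(oGroupName, ",") - 1)
      group = Right(group, Len(group) - 3)
      If group = "Administrators" Then
         ok = True
      End If
   Next
   ' Return the result to the caller
   authorizeUser = ok
End Function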

maloriopolium (Author) Commented:
Thanks Norush,

The article seems to suggest that I need to tick the check box that says allow anonymous access in IIS. Would this be correct?
Also once I do that, does the default anonymous user have access rights to AD? How would I go about finding an account that has access rights to AD?
I'm just a bit confused.
The problem is that your web page is running under the context of iUSR_Servername and does not have access rights.

Meaning that if you would make this user part of the administrator group it would work.
But making the user an administrator is a very bad idea for security reasons.

The article found here will teach you how to overcome this:
maloriopolium (Author) Commented:
> The problem is that your web page is running under the context of iUSR_Servername and does not have access rights.

Hmmm, but I am using Integrated Windows Authentication at the moment. I would have thought this means the web page is running under the context of whoever is logged into the computer?

Is this question still active? Is this meant for ASP or ASP.NET?

The token available at the server when using Integrated Windows Authentication does not permit those credentials to be used to access another service requiring credentials.  Have a search online for the double hop problem.

What you want to do is possible, however, but it requires some additional steps to be completed. You need to enable your web server to delegate credentials to the domain controllers (or ADAM service) in your environment. A search for Kerberos delegation (or constrained delegation) will help point you in the right direction there.

The system I've got this running in is using .NET Web Services and we also enable the impersonate option. It's been ages since I worked with classic ASP; you may or may not need to perform something equivalent to get this working.

Hope that helps
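
The delegation step described in the answer above, sketched as an added example (not code from any participant in this thread): it checks the web server's current delegation settings and permits Kerberos-only constrained delegation to the LDAP service of one domain controller. Assumptions: the ActiveDirectory PowerShell module is available, the site's application pool runs under the machine identity so delegation is set on the computer account, and `WEB01` and `ldap/dc01.example.com` are placeholder names.

```powershell
# Added example; WEB01 and the SPN below are placeholders, not values from the thread.
Import-Module ActiveDirectory

$WebServer = 'WEB01'                      # placeholder: computer account of the IIS server
$LdapSpns  = @('ldap/dc01.example.com')   # placeholder: LDAP SPN(s) the site must reach

$props = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
$computer = Get-ADComputer -Identity $WebServer -Properties $props

# Unconstrained delegation would let the server reuse a caller's ticket against
# any service in the domain, so flag it rather than rely on it.
if ($computer.TrustedForDelegation) {
    Write-Warning "$WebServer is trusted for unconstrained delegation; review before continuing."
}

# Constrained delegation: list only the SPNs the site needs, and add only
# the ones that are not already present on the account.
$missing = $LdapSpns | Where-Object { $computer.'msDS-AllowedToDelegateTo' -notcontains $_ }
if ($missing) {
    Set-ADComputer -Identity $computer -Add @{ 'msDS-AllowedToDelegateTo' = @($missing) }
}

# TrustedToAuthForDelegation (protocol transition) is left untouched: with it off,
# delegation works only for callers who authenticated to IIS with Kerberos.
Get-ADComputer -Identity $WebServer -Properties $props |
    Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation,
        @{ Name = 'AllowedToDelegateTo'; Expression = { $_.'msDS-AllowedToDelegateTo' -join ', ' } }
```

If the application pool runs under a domain service account instead, the same attributes are set on that user object with `Get-ADUser` and `Set-ADUser`.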