Permission problem using System.DirectoryServices

Last Modified: 2013-12-04
I have a VB.net 2003 user control that uses System.DirectoryServices to add, modify and delete Active Directory users. The code works perfectly when run as a Winform application; however, I have embedded the control in a web page so it can be used via our intranet. When I do this I now get a System.DirectoryServices.DirectoryServicesPermission error (see below).

I have set the Code Access Security Policy using the .Net Configuration 1.1 Wizard so that the Intranet Zone is Full Trust. Is there anything else I need to do to clear this error?

Thanks
See the end of this message for details on invoking 
just-in-time (JIT) debugging instead of this dialog box.
 
************** Exception Text **************
System.Security.SecurityException: Request for the permission of type 'System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm, SecurityAction action)
   at nemos_DataBase.ActiveDirectory..ctor(String strOUName)
   at nemos_Dropdown.frmUser.AddToAD(String strUser, String strFirstName, String strLastName, String intEntityID, String strEntity, String strPassword)
   at nemos_Dropdown.frmUser.cmdAdd_Click(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
The action that failed was:
LinkDemand
The type of the first permission that failed was:
System.DirectoryServices.DirectoryServicesPermission
The Zone of the assembly that failed was:
Intranet
 
 
************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
nemos_SiteAdmin
    Assembly Version: 1.0.3245.19983
    Win32 Version: n/a
    CodeBase: http://localhost/NEMOS/nemos_SiteAdmin.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
Accessibility
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------
nemos_Dropdown
    Assembly Version: 0.0.0.0
    Win32 Version: n/a
    CodeBase: http://localhost/NEMOS/nemos_Dropdown.DLL
----------------------------------------
nemos_Image
    Assembly Version: 1.0.3245.19983
    Win32 Version: n/a
    CodeBase: http://localhost/NEMOS/nemos_Image.DLL
----------------------------------------
System.Web.Services
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Web.Services/2.0.0.0__b03f5f7f11d50a3a/System.Web.Services.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Data
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
----------------------------------------
i4ywawrp
    Assembly Version: 0.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
Microsoft.VisualBasic
    Assembly Version: 8.0.0.0
    Win32 Version: 8.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
8fivojdg
    Assembly Version: 1.0.3245.19983
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
Microsoft.mshtml
    Assembly Version: 7.0.3300.0
    Win32 Version: 7.0.3300.0
    CodeBase: file:///C:/WINDOWS/assembly/GAC/Microsoft.mshtml/7.0.3300.0__b03f5f7f11d50a3a/Microsoft.mshtml.dll
----------------------------------------
nemos_DataBase
    Assembly Version: 1.0.3250.9282
    Win32 Version: n/a
    CodeBase: http://localhost/NEMOS/nemos_DataBase.DLL
----------------------------------------
System.DirectoryServices
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.DirectoryServices/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.dll
----------------------------------------
 
************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
 
For example:
 
<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>
 
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.
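
An added triage sketch, not part of the original thread: it parses the exception dialog text posted above and reports the failed demand, the zone, and the CLR version that actually loaded, because code access security policy is stored separately for each installed runtime version and the policy file to inspect is the one for that runtime. The function names are hypothetical, and the sample is a trimmed excerpt of the dump in the question.

```python
import re

# Excerpt trimmed from the exception dialog in the question (layout unchanged).
SAMPLE = """\
System.Security.SecurityException: Request for the permission of type 'System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
The action that failed was:
LinkDemand
The Zone of the assembly that failed was:
Intranet
************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.1433 (REDBITS.050727-1400)
    CodeBase: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
nemos_DataBase
    Assembly Version: 1.0.3250.9282
    Win32 Version: n/a
    CodeBase: http://localhost/NEMOS/nemos_DataBase.DLL
----------------------------------------
"""

ASSEMBLY = re.compile(
    r"^(\S+)\n\s+Assembly Version: (\S+)\n\s+Win32 Version: (.+)\n\s+CodeBase: (\S+)", re.M)

def after(label, dump):
    """Return the first token on the line following a 'The ... was:' label."""
    m = re.search(re.escape(label) + r"\s*\n\s*(\S+)", dump)
    return m.group(1) if m else None

def triage(dump):
    """Summarise which permission failed, for which zone, under which CLR."""
    perm = re.search(r"permission of type '([^,']+),", dump)
    asms = {n: (ver, w32, cb) for n, ver, w32, cb in ASSEMBLY.findall(dump)}
    # mscorlib's file version identifies the CLR whose CAS policy is evaluated.
    clr = "v" + ".".join(asms["mscorlib"][1].split(".")[:3]) if "mscorlib" in asms else None
    return {
        "permission": perm.group(1) if perm else None,
        "action": after("The action that failed was:", dump),
        "zone": after("The Zone of the assembly that failed was:", dump),
        "clr": clr,
        # Assemblies loaded over HTTP are granted permissions from zone/URL evidence.
        "remote_assemblies": sorted(n for n, a in asms.items() if a[2].lower().startswith("http")),
        # Machine-level policy file for that runtime (standard .NET Framework layout).
        "machine_policy": ("%windir%\\Microsoft.NET\\Framework\\" + clr + "\\CONFIG\\security.config") if clr else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

If the reported `clr` differs from the framework version whose configuration tool was used to edit policy, the edited policy is not the one being evaluated for the failing assembly.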

CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014

Commented:
The reason is that the ASP.NET account which is used to execute ASP.NET does not have permissions to perform these operations. You need to either give these permissions to the account or use other authentication methods such as Windows authentication or impersonation.

Author

Commented:
My site uses impersonation and the impersonated user has Administrative rights. Are there some other permissions I should assign to it?

CERTIFIED EXPERT

Commented:
The administrative permissions might be only on the local computer. Is the user part of the domain administrator group?

Author

Commented:
Yes, the user is a member of the Domain Admins group... but it still doesn't work.

CERTIFIED EXPERT

Commented:
In my VB.NET app, I am able to query Active Directory to read a user's full name etc. Maybe it's .NET code access security which is preventing the code from running.

Author

Commented:
Yes, I think it might be, but I have set the Code Access Security Policy using the .Net Configuration 1.1 Wizard so that the Intranet Zone is Full Trust. Is there anything else I have to set to get it working?

CERTIFIED EXPERT

Commented:
The following article is perfect for you, with loads of samples for AD.

http://www.vbdotnetheaven.com/UploadFile/ecabral/ADandNETInVB11112005020216AM/ADandNETInVB.aspx

Author

Commented:
CodeCruiser, that's a very useful article, thanks. But unfortunately it doesn't solve my permission problem.

Author

Commented:
I have been unable to solve the permission issue, so I have managed to circumvent it. Instead of calling the ActiveDirectory methods directly from the winform with Internet Explorer, I now call them via a web service. This works fine.

I have allocated the points to you anyway for all your help.  Thanks