Trouble adding users while programming against AD with a Virtual Directory underneath SharePoint

  • Question

  • User1264343127 posted

    That's a long title, let me simplify this a little bit...

    I've built an application running on a virtual directory underneath a WSS 3.0 SharePoint install and I'm having an issue programming against AD.  I keep getting the following error while trying to add a user:

    Exception has been thrown by the target of an invocation.
    Error String: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
       --- End of inner exception stack trace ---
       at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
       at System.DirectoryServices.AccountManagement.SDSUtils.SetPassword(DirectoryEntry de, String newPassword)
       at System.DirectoryServices.AccountManagement.ADStoreCtx.SetPassword(AuthenticablePrincipal p, String newPassword)
       at System.DirectoryServices.AccountManagement.SDSUtils.InsertPrincipal(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, Boolean needToSetPassword)
       at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p)
       at System.DirectoryServices.AccountManagement.Principal.Save()
       at System.DirectoryServices.AccountManagement.Principal.Save(PrincipalContext context)

     The code I'm using: 

    using System;
    using System.DirectoryServices.AccountManagement;

    // SDSAMContextList.GetContext() and ErrorInfo.GetErrorInfo() are the poster's own helpers (not shown here).
    public static bool AddUserToAD(string username, string firstName, string lastName, string emailAddress, string password, string DomainName, out string ErrorMessage) {

        ErrorMessage = "";
        bool retValue = false;

        //getting a single domain's context
        PrincipalContext pContext = SDSAMContextList.GetContext(DomainName);

        //checking to make sure this context exists
        if (pContext != null) {

            try {

                //creating new user (the last argument enables the account)
                UserPrincipal newUser = new UserPrincipal(pContext, username, password, true);

                //setting other values
                newUser.GivenName = firstName;
                newUser.Surname = lastName;
                newUser.EmailAddress = emailAddress;

                //saving current state; per the stack trace above, this is the call that ends in
                //SDSUtils.SetPassword -> DirectoryEntry.Invoke and throws UnauthorizedAccessException
                newUser.Save(pContext);

                retValue = true;

            } catch (UnauthorizedAccessException uae) {
                //user was unauthorized to make this change
                //the plaintext password is deliberately not written into the error string
                ErrorMessage += "\nUser was unauthorized: " + ErrorInfo.GetErrorInfo(uae)
                    + String.Format("\nusername: {0} \nfirstName: {1} \nlastName: {2} \nemailAddress: {3} \npassword: {4} \nDomainName: {5} \nContainer: {6} \nConnectedServer: {7} \nContextType: {8} \nUserName: {9} \nName: {10}",
                        username, firstName, lastName, emailAddress, "[redacted]", DomainName, pContext.Container, pContext.ConnectedServer, pContext.ContextType.ToString(), pContext.UserName, pContext.Name);
            } catch (Exception ex) {
                ErrorMessage += "\nError adding user to AD: " + ErrorInfo.GetErrorInfo(ex)
                    + String.Format("\nusername: {0} \nfirstName: {1} \nlastName: {2} \nemailAddress: {3} \npassword: {4} \nDomainName: {5} \nContainer: {6} \nConnectedServer: {7} \nContextType: {8} \nUserName: {9} \nName: {10}",
                        username, firstName, lastName, emailAddress, "[redacted]", DomainName, pContext.Container, pContext.ConnectedServer, pContext.ContextType.ToString(), pContext.UserName, pContext.Name);
            }

            //disposing the principal context
            pContext.Dispose();
        }

        return retValue;

    }

      On the server where this code is running, I've made a small console app that runs the same exact code as above using the same exact principal context. The context is set up with the proper container (I've verified this by outputting container, domain, user, etc.). The console app works without any issues; the web app gives the error that is shown above. I've asked the sysadmins to check the logs and they don't see any errors regarding AD.

     What makes this odd is that, when using the web app code, I can reset passwords, disable and enable users, and search for users, but I have been unable to add or delete them. Using the console app I can do everything I need. Should I ask the sysadmins to remove this site from being a virtual dir under SharePoint and create it as its own site? Does anyone have any different insight into this?

     Thanks ahead for your help!

    Friday, January 16, 2009 4:54 PM
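The poster's console app and web app run "the same exact code" with different results, so the useful next step is to record what actually differs between the two runs at the point of the call: the Windows identity the thread carries and the code-access-security grants the AppDomain gives to System.DirectoryServices (the `DirectoryEntry.Invoke` frame in the stack trace is a call into ADSI COM). The helper below is an added diagnostic, not code from the original post or from Microsoft; the class name `AdCallerDiagnostics` and the output layout are assumptions. Call `Describe()` immediately before `AddUserToAD` in both the console app and the web app and compare the output line by line.

```csharp
using System;
using System.DirectoryServices;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;

// Added diagnostic (name assumed). Reports the identity the AD call will run
// under and whether the AppDomain grants the CAS permissions that
// System.DirectoryServices depends on. Run it in both the console app and the
// web app and diff the two outputs.
public static class AdCallerDiagnostics
{
    // Runs a permission demand and reports whether the current AppDomain
    // grants it. Under a partial-trust <trust level="..."> the demand throws
    // SecurityException instead of returning.
    private static bool IsGranted(Action demand)
    {
        try
        {
            demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static string Describe()
    {
        var sb = new StringBuilder();

        // Identity of the thread that will make the ADSI calls. In a console
        // app this is the interactive user; in ASP.NET it is the application
        // pool identity unless impersonation is configured.
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        var principal = new WindowsPrincipal(id);
        sb.AppendLine("Windows identity      : " + id.Name);
        sb.AppendLine("Authentication type   : " + id.AuthenticationType);
        sb.AppendLine("Impersonation level   : " + id.ImpersonationLevel);
        sb.AppendLine("System account        : " + id.IsSystem);
        sb.AppendLine("Local administrator   : " +
            principal.IsInRole(WindowsBuiltInRole.Administrator));

        // CAS grants relevant to System.DirectoryServices. DirectoryEntry.Invoke
        // goes through COM interop, so unmanaged-code permission and
        // DirectoryServicesPermission are the ones to compare first.
        sb.AppendLine("UnmanagedCode granted : " + IsGranted(() =>
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand()));
        sb.AppendLine("DirectoryServices     : " + IsGranted(() =>
            new DirectoryServicesPermission(PermissionState.Unrestricted).Demand()));
        sb.AppendLine("Full trust            : " + IsGranted(() =>
            new PermissionSet(PermissionState.Unrestricted).Demand()));

        return sb.ToString();
    }

    // Console usage; in the web app write Describe() to a log or a page instead.
    public static void Main()
    {
        Console.WriteLine(Describe());
    }
}
```

Two rows are the ones to watch. If "Windows identity" differs, the web app is binding as the application pool account rather than the user who ran the console app, and that account needs the create-child and reset-password rights on the target container. If the three permission rows read true in the console app and false in the web app, the virtual directory is running under a partial-trust configuration, which matches the later observation in this thread that removing the trust level from web.config made the add succeed.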

All replies

  • User1024576976 posted

    Make sure Anonymous access is denied and Windows Integrated is checked.

    Thanks

    Sunday, January 18, 2009 3:07 AM
  • User1264343127 posted

    Make sure Anonymous access is denied and windows integrated in checked.

    Thanks for your reply. I've made the changes you've suggested and they had no effect.

    I have moved the site to a separate virtual directory not under SharePoint control, and when I removed the trust level from the web.config, I was able to successfully add users. After this finding, I went ahead and did this on the virtual directory under SharePoint and on SharePoint itself (SharePoint was set to Full trust); the results did not change. I had the sysadmin look at logs on both the web server and the AD server and nothing showed up as to why the access was denied.

    Besides the main difference of SharePoint controlling the first virtual directory, the only other major difference I can see is that SSL is enabled on the SharePoint virtual dir and not on the other virtual dir.

     Any thoughts? Should I be checking more settings elsewhere?

    Tuesday, January 20, 2009 2:29 PM