Re: ADAM - machine\ASPNET - file permissions

Hi

you might want to try posting over on the dotnet.framework.aspnet.security
newsgroup. It seems this issue around the ASPNET account has come up
before:

http://groups.google.co.uk/group/microsoft.public.dotnet.framework.aspnet.security/browse_thread/thread/7c4bb6c56119a68d/

Lee Flight

"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:1EF68DF0-4239-4D7A-B50A-76F70FD8CF02@xxxxxxxxxxxxxxxx
Hi Lee,

ASPNET was already set as an Administrator as per step five.

I agree it is probably not an ACL. I turned on auditing file access for my
entire C drive and did not get any failures when the exception triggered.

Another thing I observed was that my domain account (which is a local
administrator) works when I use it for impersonation.

Another local administrator account did not work, just like the local
ASPNET
account.

Is ADAM trying to do something with the domain AD maybe?

"Lee Flight" wrote:

Hi

if the account is an ADAM administrator then it will have full
permissions
over the ADAM instance, it will not need the ACL on the
Program Files\Microsoft\ADAM\....
directory.

I think your permissions issue must be elsewhere, did you add
the ASPNET account to the AzMan Administrators role

Step 2
5. Under Authorization Manager user role ....

in the link MSDN PAG doc link.

Lee Flight

"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:7003EAAF-D2EB-4D1F-B33D-673433768268@xxxxxxxxxxxxxxxx
I have been working through this article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000018.asp
which is very good.

Everything is running locally on my XP dev machine, including ADAM. I
am
trying to get my ASP.NET 2.0 app to use it as its AzMan data store.

As per the article, Network Service is the account that runs the ADAM
instance. However, the account that runs ASP.NET is machine\ASPNET. I
don't
want to modify my processModel nor my web.config for impersonation.

I just need to know what permissions ASPNET needs in order to get to
ADAM.
So far I have ASPNET setup in ADAM as an Administrator and I have given
ASPNET the same ACL as the Network Service at "C:\Program
Files\Microsoft
ADAM\AdamForRolesProvider".

Even with these changes, I still get the error: The system cannot find
the
file specified. (Exception from HRESULT: 0x80070002).

I confirmed it was a permission issue by impersonating a local
administrator
in the web.config. When I do that, it works.





.

Relevant Pages

  • Re: Change ADAM Service A/c Password
    ... So which account is your *ADAM* Administrator account? ... The procedure for updating the service account in ADAM is here. ...
    (microsoft.public.windows.server.active_directory)
  • Re: XP Logon
    ... You should have another Account, in there for ASPNET. ... I see 2 accounts, Bill & Administrator, want to have only one, Bill. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: DAMM sign in problem again
    ... log you on because of an account restriction. ... Below Group is Administrator, Aspnet, and Administrator. ... Then Saturday the startup sign ...
    (microsoft.public.windowsxp.general)
  • Re: ADAM - machineASPNET - file permissions
    ... if the account is an ADAM administrator then it will have full permissions ... I think your permissions issue must be elsewhere, ... So far I have ASPNET setup in ADAM as an Administrator and I have given ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM - machineASPNET - file permissions
    ... ASPNET was already set as an Administrator as per step five. ... Another thing I observed was that my domain account (which is a local ... Is ADAM trying to do something with the domain AD maybe? ...
    (microsoft.public.windows.server.active_directory)