
AzAuthorizationStore.Initialize on ADAM Url throws FileNotFoundException

Author
8 Sep 2006 11:43 PM
Jared Warren
I have an ADAM instance with a root of
"CN=TestWithRoles,DC=royalroads,DC=ca" running on a server called
metrocsdev, port 5000. I successfully connect to this remotely using
AdsiEdit. This instance contains an AzMan store, which I have
successfully edited using the AzMan tool. However, when I try running
the following C# code in a console app:

using Microsoft.Interop.Security.AzRoles;  // AzRoles interop assembly

// Open the AzMan store held in the ADAM instance (LDAP, port 5000)
AzAuthorizationStore apps = new AzAuthorizationStoreClass();
apps.Initialize(0,
"msldap://metrocsdev:5000/CN=AzManStore,CN=TestWithRoles,DC=royalroads,DC=ca",
null);

I get a FileNotFoundException: The system cannot find the file
specified. (Exception from HRESULT: 0x80070002). Why is my url not
being parsed correctly?

Thanks for your help.
Jared Warren
Metro Project, Royal Roads University

Author
11 Sep 2006 9:21 PM
Chi-Yan Tong
I have the exact same problem. Seems like if you add an ADAM user (not
Windows user) to the Role Assignments through the AzRoles API, then you
cannot initialize the AzAuthorizationStore again on the next
application run without getting that error message you mentioned.  This
is because the AzRoles API doesn't recognize the ADAM user SID when
initializing (though it should never need to access that information
upon initialization).

Now, does anybody know how to resolve this issue?  That is, how can we
still call initialize on an AzMan store that has ADAM users assigned to
its roles?

Thanks,
Chi

Author
9 Nov 2006 5:49 PM
Andy H
Chi-Yan,

I think this new hotfix solves your problem:
http://support.microsoft.com/kb/883933

Author
9 Nov 2006 5:43 PM
Andy H
Jared,

I had this same problem. It is a permissions issue. You need to do the
following:

1) In ADSI-Edit, your ADAM partition has a Roles container. Inside that is
Readers. Edit the "members" attribute of Readers, and add whatever AD Groups
and Users will be running your console app. This gives them access to the
ADAM partition.

2) In Authorization Manager, right-click on your store and click Properties,
go to the Security tab. In there, select the Reader role and add the same AD
Users and Groups you added in step 1. This gives them permission to call
AccessCheck.
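
As an added example (not code posted in this thread), the console program below runs the Initialize-then-AccessCheck path that the two steps above grant permission for, and reports the 0x80070002 failure separately so a missing Reader membership is easy to spot. The application name "TestApp" and operation ID 1 are assumed; the store URL is the one from the original post.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using Microsoft.Interop.Security.AzRoles;

class AzManReaderCheck
{
    // Store URL from the thread; application name and operation ID are assumed.
    const string StoreUrl =
        "msldap://metrocsdev:5000/CN=AzManStore,CN=TestWithRoles,DC=royalroads,DC=ca";
    const string ApplicationName = "TestApp";
    const int OperationId = 1;
    const int NoError = 0;          // AccessCheck result: operation allowed
    const int ErrorAccessDenied = 5; // AccessCheck result: operation denied

    static int Main()
    {
        AzAuthorizationStore store = new AzAuthorizationStoreClass();
        try
        {
            store.Initialize(0, StoreUrl, null);
        }
        catch (FileNotFoundException ex)
        {
            // HRESULT 0x80070002 surfaces as FileNotFoundException; per the thread,
            // check the ADAM Roles\Readers members and the store's Reader role first.
            Console.Error.WriteLine("Initialize failed (0x80070002): " + ex.Message);
            Console.Error.WriteLine("Is the current account a member of Readers on the ADAM partition and the store?");
            return 1;
        }

        // Build a client context from the console app's own Windows token,
        // then ask the store whether that principal may perform OperationId.
        IAzApplication app = store.OpenApplication(ApplicationName, null);
        ulong token = (ulong)WindowsIdentity.GetCurrent().Token.ToInt64();
        IAzClientContext ctx = app.InitializeClientContextFromToken(token, null);

        object[] scopes = new object[] { "" };          // "" = application-level scope
        object[] operations = new object[] { OperationId };
        object[] results = (object[])ctx.AccessCheck(
            "AzManReaderCheck", scopes, operations, null, null, null, null, null);

        int result = (int)results[0];
        Console.WriteLine(result == NoError ? "Access granted"
            : result == ErrorAccessDenied ? "Access denied" : "Unexpected result " + result);
        return result == NoError ? 0 : 2;
    }
}
```

Run it under the same AD account you added in steps 1 and 2; if Initialize still fails, the account is not yet a member of the ADAM partition's Readers role, and if Initialize succeeds but AccessCheck returns 5, the store-level Reader role (or the role assignment for the operation) is what is missing.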