
nightmare with ADAM ldap and roleprovider

Author
15 Sep 2005 10:00 PM
steven
What a nightmare! I've spent 5 days trying to get AzMan and the .NET 2.0 Active Directory (for ADAM) membership provider to speak to one another. Ideally ADAM will be the user/group repository and AzMan will, through LDAP query groups, allow for fine-grained access control, all via .NET 2.0, using the Membership provider classes and controls....


Here's the problem:


I have gotten AzMan running in ADAM (residing on CN=AzMan,DC=TestApp,DC=com). Then I instructed ActiveDirectoryMembershipProvider to use a container one level deeper than the AzMan store (just for prototyping purposes): CN=UserStore,CN=AzMan,DC=TestApp,DC=com (UserStore is just a simple container). [Note: I've tried many partitions and configurations and nothing seems to help!]


The ASP.NET 2.0 membership provider can create users in this partition with no problem, but it won't let me create roles... (it throws an Exception from HRESULT: 0x8007006E).


Anyway, the bigger problem I am having is that I want my ActiveDirectoryMembershipProvider-based code (snippet below) to construct a clientContext using the SID of the authenticated ADAM user.

Everything seems to work until the point where a clientContext has to be created, and suddenly I'm getting:

    'clientContext.UserCanonical' threw an exception of type 'System.Runtime.InteropServices.COMException'
    "The request is not supported. (Exception from HRESULT: 0x80070032)"


Seems like the ClientContext is improperly constructed. Without a valid ClientContext the code cannot do any auth checks... I'm betting this has to do with the fact that the RoleProvider is unable to create Roles.


Here's the code, I hope someone can tell me where I'm going wrong...
****


using System;
using System.Configuration;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web.Security;
using AZROLESLib;   // AzMan COM interop (azroles.dll)

protected void Page_Load(object sender, EventArgs e)
{
    // Currently authenticated user, as resolved by the ActiveDirectoryMembershipProvider
    MembershipUser user = Membership.GetUser();

    // For the AD/ADAM membership provider, ProviderUserKey is the user's SID
    SecurityIdentifier sidValue = (SecurityIdentifier)user.ProviderUserKey;
    string sid = sidValue.ToString();

    // Open the AzMan store (connection string points at the ADAM store, e.g. CN=AzMan,DC=TestApp,DC=com)
    AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
    AzManStore.Initialize(0,
        ConfigurationManager.ConnectionStrings["AzManServer"].ConnectionString,
        null);
    IAzApplication azApp = AzManStore.OpenApplication("TestApplicationStore", null);

    // Until now, other than the inability to call Roles.CreateRole("TestRole"),
    // there are no problems..... Here comes the problem (symptom?):
    IAzClientContext clientContext =
        azApp.InitializeClientContextFromStringSid(sid,
            (int)tagAZ_PROP_CONSTANTS.AZ_CLIENT_CONTEXT_SKIP_GROUP, null);

    // Now if I try to do:
    Response.Write(clientContext.UserDisplay);

    // At this point the ClientContext is not null but is quite useless.

    // .......
}
Any ideas? Is it a bug in my code or a config error? A bug in the beta? The fact that I'm not connected via SSL? A permissions issue of some sort?
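The post stops at the point where the client context is built; the step it says it cannot reach is the actual authorization check. The following is an added example, not code from the original post or from Microsoft: it opens an AzMan store the same way, builds a SID-only client context for an ADAM user, and runs IAzClientContext.AccessCheck on it. The store URL, the application name "TestApplicationStore", the operation name "ReadReport", the scope and the object name are all assumed placeholders. Note what the example does and does not do: it tolerates a COMException from the display-name properties (the failure the post reports on UserCanonical/UserDisplay) so that a failing name lookup does not block the AccessCheck itself, but it does not claim to make ADAM LDAP query groups resolve under AZ_CLIENT_CONTEXT_SKIP_GROUP, which is the poster's open question.

```csharp
// Added example (not from the original post). Assumes the AZROLESLib interop
// assembly generated from azroles.dll and an existing AzMan store/application.
using System;
using System.Runtime.InteropServices;
using AZROLESLib;

static class AdamAzManCheck
{
    // Same value as tagAZ_PROP_CONSTANTS.AZ_CLIENT_CONTEXT_SKIP_GROUP
    const int AZ_CLIENT_CONTEXT_SKIP_GROUP = 1;
    const int NO_ERROR = 0;             // AccessCheck result: operation allowed
    const int ERROR_ACCESS_DENIED = 5;  // AccessCheck result: operation denied

    // Returns true when the principal identified by sidString is allowed
    // operationName on objectName in the named application.
    public static bool IsAllowed(string storeUrl, string appName,
                                 string operationName, string sidString,
                                 string objectName)
    {
        // storeUrl is assumed to look like
        // "msldap://adamhost:389/CN=AzMan,DC=TestApp,DC=com" for an ADAM store
        AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
        store.Initialize(0, storeUrl, null);                 // 0 = open existing store
        IAzApplication app = store.OpenApplication(appName, null);

        // Context built from a bare SID string. SKIP_GROUP tells AzMan not to
        // expand Windows group membership for the SID, which is the only option
        // when the SID does not belong to a Windows account (an ADAM user).
        IAzClientContext ctx = app.InitializeClientContextFromStringSid(
            sidString, AZ_CLIENT_CONTEXT_SKIP_GROUP, null);

        // Name properties on a SID-only context may throw (the original post shows
        // 0x80070032 from UserCanonical/UserDisplay). That is not needed for the
        // access check, so fall back to the raw SID for logging.
        string who;
        try { who = ctx.UserDisplay; }
        catch (COMException) { who = sidString; }

        // Operations are checked by numeric ID, looked up from the operation name
        int opId = app.OpenOperation(operationName, null).OperationID;

        // AccessCheck takes arrays of scopes and operation IDs and returns one
        // result (a Win32 error code) per operation, as an object[] of ints.
        object[] results = (object[])ctx.AccessCheck(
            objectName,
            new object[] { "" },        // "" = application scope, no sub-scope
            new object[] { opId },
            null, null, null, null, null);

        int rc = (int)results[0];
        string verdict = rc == NO_ERROR ? "allowed"
                       : rc == ERROR_ACCESS_DENIED ? "denied"
                       : "error " + rc;
        Console.WriteLine("{0}: {1} on {2} -> {3}", who, operationName, objectName, verdict);
        return rc == NO_ERROR;
    }

    // Usage (all values are placeholders):
    // bool ok = AdamAzManCheck.IsAllowed(
    //     "msldap://localhost:389/CN=AzMan,DC=TestApp,DC=com",
    //     "TestApplicationStore", "ReadReport",
    //     "S-1-xxx-...",            // the SID string from MembershipUser.ProviderUserKey
    //     "Reports/Q3");
}
```

The design point is separating the two failure modes: a COMException from a name property is a lookup problem and is swallowed, whereas AccessCheck returning anything other than NO_ERROR is an authorization decision and is treated as a deny (the function only returns true on NO_ERROR, so an unexpected error code never grants access).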