I have successfully used the Windows program to successfully create a group of domain accounts with mailboxes, but when I handed this code to me (she is responsible for developing web applications) to the ASP.NET, they can only Create a domain account and cannot create a mailbox. why?
We consulted Microsoft engineers, he told us that this is because the permissions of ASP.NET are not enough, we should simulate users in ASP.NET, which can be created successfully.
I will pick Microsoft's related articles:
Analog IIS verification account or user
To simulate the Microsoft Internet Information Service (IIS) authentication user when receiving each request in the ASP.NET application, you must include the
Simulate specific users for all requests for ASP.NET applications
To simulate a specific user for all requests on all pages of the ASP.NET application, you can specify the username and password properties in the
Note: The identity of the process of simulating a particular user on the thread must have an "part of the operating system" permission. By default, the ASPNET_WP.EXE process runs under the computer account called ASPNET. However, this account does not simulate the permissions required for a specific user. If you try to simulate a specific user, an error message will appear.
To resolve this issue, use one of the following methods:
•
Grant "as part of the operating system" permission for the ASPNET account (the lowest permission account).
Note: Although this method can solve the problem, Microsoft does not recommend this method.
•
In the
Simulate authentication user in your code
To simulate the authentication user (user.Identity) only when run the code specific part, you can use the following code. This method requires authentication of the type of user ID to WindowsIdentity.
Visual Basic .NET
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContextDim currentWindowsIdentity As System.Security.Principal.WindowsIdentitycurrentWindowsIdentity = CType (User.Identity, System.Security.Principal.WindowsIdentity) impersonationContext = currentWindowsIdentity.Impersonate () 'Insert your code that runs under the security Context of the Authenticating User Here.impersonationContext.undo ()
Visual C # .net
System.Security.Principal.WindowsImpersonationContext impersonationContext; impersonationContext = ((System.Security.Principal.WindowsIdentity) User.Identity) .Impersonate (); // Insert your code that runs under the security context of the authenticating user here.impersonationContext.Undo (); Visual J # .NET
System.Security.Principal.WindowsImpersonationContext impersonationContext; impersonationContext = ((System.Security.Principal.WindowsIdentity) get_User () get_Identity ().) Impersonate ();. // Insert your code that runs under the security context of the authenticating user here .impersonationContext.undo ();
Simulate specific users in your code
To simulate a specific user only while running the code specific part, use the following code:
Visual Basic .NET
<% @ Page language = "VB"%> <% @ Import namespace = "system.Web"%> <% @ import namespace = "system.Web.security"%> <% @ import namespace = "system.security. Principal "%> <% @ Import Namespace =" System.Runtime.InteropServices "%>
