Posted by Mike on June 14, 2005, 1:07 pm
Hi,
I am having problems accessing Active Directory from VBScript in an ASP web
application when it is configured for smartcards using Directory Service
certificate mapping. The system scenario is as follows.
Server 1 - W2K3 Server as Domain Controller with Active Directory
Server 2 - W2K3 Server running IIS 6.0 and Exchange 2K3 Server
Client 1 - W2K3 Server as client with CAC smartcard and IE 6
IIS is configured for Directory Service mapping, SSL, "Enable client
certificate mapping" and Accept Client certificate.
The client uses a CAC smartcard to log on and invokes a Web application on
Server 2 via IE 6.
Web app on Server 2 loads ASP page using VBScript to call
GetObject("LDAP://CN=client1,CN=Users,DC=SERVER1,DC=COM") on User object to
retrieve user attributes.
GetObject fails with Err.Number = -2147016672 (0x80072020 -
ERROR_DS_OPERATIONS_ERROR)
In IIS Mgr properties for web app Virtual Directory, select Security/Edit
and uncheck "Enable client certificate mapping".
Now the user is prompted for username and password and GetObject succeeds.
Does anybody have any ideas?
PS I am told that if IIS cert mapping is used instead of DS mapping, it
works OK.
Thanks,
MikeC