Go
These forums are read-only and considered to be an archive. Please use the new Community for future interaction and posts.

AD integration questions

Hi

My goal is to integrate FileVista with AD running on a windows 2003 system. I have installed and it works fine with the FileVista inbuilt security.

So now I have read some of the other posts and I have turned off anonymous and changed the  web.config to contain

    <authentication mode="Windows" />

    <identity impersonate="true" />    

but when I try and login I get 

Login failed for Windows User "DOMAIN\User" !
There is no FileVista user defined with the same name.

So I define a user in Filvista with the same name and it still fails. 

Do I need a double entry in AD and in FileVista? How to make this work?

Thanks
Cyprien 2/15/2008 6:19 AM
Yes, you need to create a user in FileVista with the same name.

Please make sure that the case of the letters are exactly same. For instance, if the error message says "DOMAIN\User" then create a user named "DOMAIN\User" and not "domain\user".
Cem Alacayir 2/18/2008 4:45 AM
Hi

I tried this and if I set up a paralell user I now get:

Server Error in '/FileVista' Application.
--------------------------------------------------------------------------------

Operation must use an updateable query. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Data.OleDb.OleDbException: Operation must use an updateable query.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 


[OleDbException (0x80004005): Operation must use an updateable query.]
   System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) +267
   System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) +192
   System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) +48
   System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) +106
   System.Data.OleDb.OleDbCommand.ExecuteNonQuery() +108
   GleamTech.FileVista.OleDbDataManager.ValidateUser(Boolean isTrustedUser, String username, String password) +3170
   GleamTech.FileVista.AuthenticationManager.a(HttpContext A_0) +49
   GleamTech.FileVista.AuthenticationManager.Authenticate(HttpContext context) +164
   GleamTech.FileVista.FileVistaGlobalAsax.Application_AcquireRequestState(Object sender, EventArgs e) +228
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433 
Cyprien 2/25/2008 9:00 AM
This error is caused by the lack of write permissions of the executing identity on the folder (filevista/App_Data/database) that contains the Access database file. 

As you have turned on impersonation, the application is executed within the context of DOMAIN\User and not ASPNET or Network Service users so an impersonated user that is used to log into the application, should have "Modify" permission on this folder.

Note that, the user should also have the same permissions on the root folders that are defined in FileVista.
Cem Alacayir 2/26/2008 12:29 PM
OK

So I have setup filevista with AD integration and pass through authentication. I have mapped some drives on the we server and it works fine with users on client browsers authenticating and using the folders OK.

Now I add a network share (using a UNC path \\server\folder), and I access on the server using the admin account and all is OK.

But... when an ordinary client logs on a message box immediately comes up as he is athenticated saying

"An error occured:

Attempted to access a path that is not on the disk."

This block the previous shares that did work.

Using windows explorer the user has the right AD permissions to access the shares in question.

I must be doing something wrong so help!
Cyprien 3/7/2008 8:25 AM
It seems the client is not a domain user like your admin account thus he can't access the network share. I guess you used your admin account to connect when mapping drives to the network shares, that's why you did not experience any problems with mapped drives.

You can choose a domain user (maybe your admin account) which can access the network share and impersonate that common user instead everytime a user logs on. You can do this with specifying the domain user's credentials in <identity> setting

<identity impersonate="true" userName="CommonDomainUser" password="Password123"/>

So, whoever logs on, CommonDomainUser will be impersonated so you will need to assign permissions only to this user.
Cem Alacayir 3/10/2008 5:16 PM