AzMan/ADAM AccessCheck exception

I'm using the example code posted here
http://blogs.msdn.com/azman/archive/...06/591230.aspx to authenticate
users in an ADAM instance and also to query their group membership. I am able
to authenticate a user and get their SID, groupTokens SIDs, and DN, open the
ADAM store to set the IAzApplication2 object, create an emply
IAzClientContext2, ... but when it comes to making the
IAzClientContext2.AccessCheck call I get the following error:

"The security identifier provided does not have a domain component.
(Exception from HRESULT: 0x800704EA)"

I've found that if I manually set the IAzClientContext2.RoleForAccessCheck
property to any value I don't get the error, but I don't get valid data back
either (values of 5 returned for all my resource ids). Even if I could get
this to work, it wouldn't be correct as resource checks should be based upon
the LDAP Application Groups in AzMan combined with the
IAzClientContext2.LDAPQueryDN value, not on RoleForAccessCheck.

My application code is running on a XP SP2 machine on the same domain as the
2003 R2 server where AzMan 5.2 /ADAM 1.1 are running.

Thanks for any suggestions.
Don

You might want to post this question on the platformsdk.security newsgroup
too. I've seen the most AzMan questions get answered there. Most people in
this group have never heard of AzMan.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Don Edwards" <> wrote in message
news:AFBBD9F9-4D67-46E4-926A-...
> I'm using the example code posted here
> http://blogs.msdn.com/azman/archive/...06/591230.aspx to authenticate
> users in an ADAM instance and also to query their group membership. I am
> able
> to authenticate a user and get their SID, groupTokens SIDs, and DN, open
> the
> ADAM store to set the IAzApplication2 object, create an emply
> IAzClientContext2, ... but when it comes to making the
> IAzClientContext2.AccessCheck call I get the following error:
>
> "The security identifier provided does not have a domain component.
> (Exception from HRESULT: 0x800704EA)"
>
> I've found that if I manually set the IAzClientContext2.RoleForAccessCheck
> property to any value I don't get the error, but I don't get valid data
> back
> either (values of 5 returned for all my resource ids). Even if I could get
> this to work, it wouldn't be correct as resource checks should be based
> upon
> the LDAP Application Groups in AzMan combined with the
> IAzClientContext2.LDAPQueryDN value, not on RoleForAccessCheck.
>
> My application code is running on a XP SP2 machine on the same domain as
> the
> 2003 R2 server where AzMan 5.2 /ADAM 1.1 are running.
>
> Thanks for any suggestions.
> Don
>
>

Did you ever find a solution for this?