Re: Urgent: Connecting to active directory using cached credentials
From: Scott Allen (bitmask_at_[nospam)
Date: 10/07/04
- Next message: David L: "RE: Referencing the Machine Config file"
- Previous message: Craig Kenisston: "HTML code warnings in asp.net html code view"
- In reply to: Chris L: "Urgent: Connecting to active directory using cached credentials"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 07 Oct 2004 10:58:39 -0400
Hi Chris:
The problem you are probably facing is the one hop limit of NTLM
authentication. The user's credentials make one hop from the browser
to the web server, and the web server can use those credentials
impersonate the user on the web server. However, the server cannot use
those credentials to make a second hop to the AD controller.
One way around this is to move up one step from impersonation to
delegation.
See:
How To Configure an ASP.NET Application for a Delegation Scenario.
http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
HTH
-- Scott http://www.OdeToCode.com/ On Wed, 6 Oct 2004 23:28:48 -0700, "Chris L" <ripandburn@hotmail.com> wrote: >Hello, > > I'm hoping to find out if it is possible to connect >within an ASP.NET application to Active Directory with >the credentials of the person who accessed the ASP.NET >application via IIS, using windows integrated >authentication. > >I've tried using ADO, ADSI, and Directory Services, but I >have yet to find a way to connect to active directory >with the security token created by IIS, when the user >accesses the ASP.NET application with windows integrated >authentication. > >Being able to do this is a pretty urgent problem, so any >help anyone could provide would be extremely appreciated. > >Thank you! >-Chris
- Next message: David L: "RE: Referencing the Machine Config file"
- Previous message: Craig Kenisston: "HTML code warnings in asp.net html code view"
- In reply to: Chris L: "Urgent: Connecting to active directory using cached credentials"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
