Re: ADSI code that will not work in asp.net
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/13/04
- Next message: Mike: "dataset filter question"
- Previous message: Sahil Malik: "Re: Navigate from href in Iframe"
- In reply to: msnews.microsoft.com: "Re: ADSI code that will not work in asp.net"
- Next in thread: Richard Bethell: "Re: ADSI code that will not work in asp.net"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 13 Oct 2004 14:27:35 -0500
You've got a couple of options if you want this to be dynamic:
- You can change the security context so that a domain user is used. This
will get you a valid domain controller that can be used in a "serverless"
bind and should get you valid credentials that can be used. To do this, you
can either:
Change the process identity for ASP.NET to a domain account, either with the
processModel setting in web.config for IIS5 or the app pool identity for
IIS6, or impersonate a Windows user, or place the code in a COM+ DLL and set
that up to use a domain identity. Impersonation works well if you are using
Windows auth in your application, but you may have delegation issues with
that. Please read the doc in the link I posted in my other reply.
- You can also specify a domain or domain controller name and put it in
web.config so you can change it at runtime. If you specify a domain name
instead of an actual DC, the underlying system will use DNS to determine a
DC to use at runtime. However, this doesn't solve the credentials problem,
so you may still need to provide those (via config again).
All of the various approaches have good points and bad points. I generally
go with setting values via configuration, but I will use the "security
context" approaches sometimes as well. The important thing to know is WHY
the code works and what it depends on so that when you change something
later, you'll know why it broke.
HTH,
Joe K.
"msnews.microsoft.com" <softdev@spammingisevil.bad> wrote in message
news:uZsrL5UsEHA.2320@TK2MSFTNGP12.phx.gbl...
> Ken Cox [Microsoft MVP] wrote:
>> Is it possible that you are providing credentials to access to ADSI but
>> not to access the remote server itself? At the command line, yours would
>> be passed through. ASP.NET wouldn't do that the same way.
>>
>> Not sure, but I'd look into NetworkCredential Class to get ASP.NET into
>> the machine itself:
>>
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetnetworkcredentialclasstopic.asp
>>
>> Let us know when you get it working?
>>
>> Ken
>
> Thanks for the suggestion. How would you do this if you're not sure which
> AD server is going to be doing the authenticating? There is more than one
> on our network, and I'd hate to have to target it specifically for
> connection.
>
> Richard
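
The configuration-driven bind described in the reply above, sketched in C# as an added example that is not part of the original thread. The appSettings keys `LdapServer`, `LdapUser` and `LdapPassword` and the class name are hypothetical; leaving `LdapServer` empty gives the serverless bind, which depends on the process or impersonated identity being a domain account.

```csharp
using System;
using System.Configuration;        // reference System.Configuration.dll
using System.DirectoryServices;    // reference System.DirectoryServices.dll

public static class DirectoryBinder   // hypothetical helper, not from the thread
{
    // No server configured -> "LDAP://RootDSE" (serverless; needs a domain identity).
    // A DNS domain name here (e.g. "corp.example.com", constructed) lets DNS pick
    // a DC at runtime; a host name pins the bind to one specific DC.
    public static string BuildPath(string server, string objectName)
    {
        if (string.IsNullOrEmpty(server))
            return "LDAP://" + objectName;
        return "LDAP://" + server + "/" + objectName;
    }

    public static DirectoryEntry Bind(string objectName)
    {
        string server = ConfigurationManager.AppSettings["LdapServer"];
        string user = ConfigurationManager.AppSettings["LdapUser"];
        string password = ConfigurationManager.AppSettings["LdapPassword"];
        string path = BuildPath(server, objectName);

        // Secure negotiates Kerberos/NTLM rather than a simple bind, so the
        // password is not sent in clear text; Signing/Sealing protect the traffic.
        AuthenticationTypes auth = AuthenticationTypes.Secure
                                 | AuthenticationTypes.Signing
                                 | AuthenticationTypes.Sealing;

        // Null credentials with Secure bind as the current security context
        // (process identity, or the impersonated user if impersonation is on).
        if (string.IsNullOrEmpty(user))
            return new DirectoryEntry(path, null, null, auth);
        return new DirectoryEntry(path, user, password, auth);
    }

    // The bind is lazy: reading a property is what actually contacts the DC,
    // so a bad server name or bad credentials surface here as a COMException.
    public static string GetDefaultNamingContext()
    {
        using (DirectoryEntry rootDse = Bind("RootDSE"))
        {
            return (string)rootDse.Properties["defaultNamingContext"].Value;
        }
    }
}
```

If the account password is kept in web.config, the section holding it can be encrypted with ASP.NET protected configuration (`aspnet_regiis -pe`).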