Re: Authenticate against several Active Directory Domains
From: Nicholas Paldino [.NET/C# MVP] (mvp_at_spam.guard.caspershouse.com)
Date: 02/17/05
- Next message: Nicholas Paldino [.NET/C# MVP]: "Re: problem with wmi"
- Previous message: MuZZy: "Re: releaseing unmanaged STL objects"
- In reply to: Marc Eggenberger: "Authenticate against several Active Directory Domains"
- Next in thread: Willy Denoyette [MVP]: "Re: Authenticate against several Active Directory Domains"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 17 Feb 2005 09:46:43 -0500
Marc,

I'm not an expert on AD, but I think that the reason your call to get
the DirectoryEntry fails is because by default, the ASP.NET process runs
under the local user ASPNET, which doesn't have network permissions. You
can impersonate another user to run under for this operation. Check out the
documentation for the Impersonate method on the WindowsIdentity class to see
how to do this.

You can also impersonate a user for all the pages in a directory by
setting the <identity> tag in the web.config file for the directory, but
that would mean all pages run as that user, which might not be such a good
idea.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- mvp@spam.guard.caspershouse.com
"Marc Eggenberger" <marc.eggenberger@remove.itc.alstom.com> wrote in message
news:MPG.1c7ebb6ffe9d0df29896aa@iww.cacti.ch.alstom.com...
> Hi there.
>
> I have the following environment:
>
> Active Directory running on Windows 2000. There is a root domain called
> ad.sys and within this root domain there are the following subdomains:
>
> dom1.ad.sys
> dom2.ad.sys
> dom3.ad.sys
>
> I need to restrict access to a certain part of an ASP.NET page to some
> admin user and check their password against the Windows domain.
>
> IIS Authentication doesn't seem to be an option, I can't seem to supply
> several domains.
>
> One possible way would probably be:
> In the database have a list of names which have access to the admin
> part. When the login name matches one of that list make a connection to
> the domain and check the password. Connection could be LDAP.
>
> Is this procedure valid? Any other ideas?
>
> If this is a valid way, how do I connect to another domain? If the
> webpage runs in one or none of those domains. I tried
>
>
> System.DirectoryServices.DirectoryEntry de = new DirectoryEntry(
>     "ldap://servername/OU=Administrators,OU=Site,OU=Country,DC=dom1,DC=ad,DC=sys",
>     @"DOM1\ldapuser", "Idontknow");
>
> But when I try to access de.Children I get an error saying
>
> System.Runtime.InteropServices.COMException occurred in
> system.directoryservices.dll
>
> Additional Information: Unknown error (0x80050000)
>
>
> When I use an LDAP client on my workstation which is in neither of these
> domains I can connect and get the data.
>
> Anyone know what's going on or how I should do this?
>
> --
> mfg
> Marc Eggenberger
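
The procedure described in the question (an allow-list of admin names, then a password check against the user's own domain over LDAP), as an added example that is not code from either poster. The `MultiDomainAuth` class, the `DomainPaths` mapping, the allow-list entries and the `IsAuthenticatedAdmin` helper are assumptions made for illustration; only the domain names come from the thread.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public static class MultiDomainAuth
{
    // Assumed mapping of NetBIOS domain name to LDAP path (domain names from the thread).
    // The ADSI provider prefix is case-sensitive and must be upper-case "LDAP://".
    static readonly Dictionary<string, string> DomainPaths =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "DOM1", "LDAP://dom1.ad.sys/DC=dom1,DC=ad,DC=sys" },
            { "DOM2", "LDAP://dom2.ad.sys/DC=dom2,DC=ad,DC=sys" },
            { "DOM3", "LDAP://dom3.ad.sys/DC=dom3,DC=ad,DC=sys" },
        };

    // Constructed stand-in for the database list of accounts allowed into the admin part.
    static readonly HashSet<string> AdminAllowList =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"DOM1\alice", @"DOM3\bob" };

    const int LogonFailure = unchecked((int)0x8007052E); // HRESULT for ERROR_LOGON_FAILURE

    public static bool IsAuthenticatedAdmin(string domain, string user, string password)
    {
        string path;
        // Reject unknown domains and non-admin names before any network call,
        // and refuse empty passwords outright rather than let the directory decide.
        if (!DomainPaths.TryGetValue(domain, out path)) return false;
        if (!AdminAllowList.Contains(domain + "\\" + user)) return false;
        if (string.IsNullOrEmpty(password)) return false;

        try
        {
            // Bind as the user being checked; a successful bind means the domain
            // accepted the password. Secure requests Kerberos/NTLM authentication.
            using (var de = new DirectoryEntry(path, domain + "\\" + user,
                                               password, AuthenticationTypes.Secure))
            {
                return de.NativeObject != null; // touching NativeObject forces the bind
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == LogonFailure) return false; // wrong user name or password
            throw; // e.g. server unreachable: report as an error, not as a bad password
        }
    }
}
```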