Re: ADAM

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 02/11/04

• Next message: Rob Lowe: "Re: 2003 Domain Password Policy with NT 4.0 Workstations"
• Previous message: ray: "JOIN ANOTHER FOREST-tricky!!!"
• In reply to: basin: "ADAM"
• Next in thread: Donna.tidwell: "Re: ADAM"
• Reply: Donna.tidwell: "Re: ADAM"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 11 Feb 2004 12:17:46 -0800

You can not use ADAM for IIS authentication, at least not directly. ADAM
users can not be impersonated by IIS threads (because they are not windows
security principals), and thus, IIS can not log them in its logs. How
exactly do you use ADAM to do authentication?

That said, we are working on a proper solution to use ADAM for IIS
authentication. Not quite there yet.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"basin" <donna.tidwell@ipaper.com> wrote in message
news:ed4a01c3f0c4$ce641e70$a601280a@phx.gbl...
> Our web reports have never had any trouble logging and
> reporting on authenticated users when we use nt
> authentication, site server authentication, etc.
> We moved to ADAM, which requires no special setup in IIS,
> and now we cannot track authenticated users in our iis log
> files.
> How can we get ADAM to log user info to iis logs??
> Thanks for any help!

---

• Next message: Rob Lowe: "Re: 2003 Domain Password Policy with NT 4.0 Workstations"
• Previous message: ray: "JOIN ANOTHER FOREST-tricky!!!"
• In reply to: basin: "ADAM"
• Next in thread: Donna.tidwell: "Re: ADAM"
• Reply: Donna.tidwell: "Re: ADAM"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: ADAM ... If you need logon auditing, then ADAM can do this, although it will go into ... Security log, not IIS log. ... >>You can not use ADAM for IIS authentication, ... (microsoft.public.windows.server.active_directory) Re: ADAM ... The IIS website uses an LDAP call to the ADAM server. ... Site Server LDAP call logged to the IIS Log. ... >exactly do you use ADAM to do authentication? ... (microsoft.public.windows.server.active_directory) RE: Microsoft Active Directory security concerns ... with just vanilla MS tools (IIS, AD, ADAM) at your disposal. ... deploying Policy Enforcement Points at appropriate locations e.g. ... IIS or Apache. ... Having the PDPs return policy access & authentication decisions (allow, ... (Security-Basics) Re: ADAM ... therefore they did this special-case tweak that produces an event in IIS ... ADAM, a product which is not at all related to SiteServer, does not ... Site Server's LDAP services put the user> name in the IIS log as the CS_username variable. ... >>>>exactly do you use ADAM to do authentication? ... (microsoft.public.windows.server.active_directory) Re: HELP PLEASE The request failed with HTTP status 401: Access Denied. ... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ... (microsoft.public.dotnet.framework.aspnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)