Re: ADAM

From: Donna.tidwell (anonymous_at_discussions.microsoft.com)
Date: 02/11/04

• Next message: Matthew Tucker: "User Rights"
• Previous message: Dmitri Gavrilov [MSFT]: "Re: Accessing LDAP to connect to ADAM instance"
• In reply to: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Next in thread: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Reply: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 11 Feb 2004 13:41:34 -0800

The IIS website uses an LDAP call to the ADAM server. In
the past we used Site Server LDAP to authenticate. The
Site Server LDAP call logged to the IIS Log. We were
wondering if the LDAP call to ADAM could do the same
thing, so we can track authenticated users in our
reporting tool. Any ideas?

>-----Original Message-----
>You can not use ADAM for IIS authentication, at least not
directly. ADAM
>users can not be impersonated by IIS threads (because
they are not windows
>security principals), and thus, IIS can not log them in
its logs. How
>exactly do you use ADAM to do authentication?
>
>That said, we are working on a proper solution to use
ADAM for IIS
>authentication. Not quite there yet.
>
>--
>Dmitri Gavrilov
>SDE, Active Directory Core
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Use of included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm
>
>"basin" <donna.tidwell@ipaper.com> wrote in message
>news:ed4a01c3f0c4$ce641e70$a601280a@phx.gbl...
>> Our web reports have never had any trouble logging and
>> reporting on authenticated users when we use nt
>> authentication, site server authentication, etc.
>> We moved to ADAM, which requires no special setup in
IIS,
>> and now we cannot track authenticated users in our iis
log
>> files.
>> How can we get ADAM to log user info to iis logs??
>> Thanks for any help!
>
>
>.
>

---

• Next message: Matthew Tucker: "User Rights"
• Previous message: Dmitri Gavrilov [MSFT]: "Re: Accessing LDAP to connect to ADAM instance"
• In reply to: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Next in thread: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Reply: Dmitri Gavrilov [MSFT]: "Re: ADAM"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: ADAM ... If you need logon auditing, then ADAM can do this, although it will go into ... Security log, not IIS log. ... >>You can not use ADAM for IIS authentication, ... (microsoft.public.windows.server.active_directory) Re: ADAM ... You can not use ADAM for IIS authentication, ... > Our web reports have never had any trouble logging and ... (microsoft.public.windows.server.active_directory) RE: Microsoft Active Directory security concerns ... with just vanilla MS tools (IIS, AD, ADAM) at your disposal. ... deploying Policy Enforcement Points at appropriate locations e.g. ... IIS or Apache. ... Having the PDPs return policy access & authentication decisions (allow, ... (Security-Basics) Re: ADAM ... therefore they did this special-case tweak that produces an event in IIS ... ADAM, a product which is not at all related to SiteServer, does not ... Site Server's LDAP services put the user> name in the IIS log as the CS_username variable. ... >>>>exactly do you use ADAM to do authentication? ... (microsoft.public.windows.server.active_directory) Re: Log Off Button ... If thru unique web/subweb permissions (requiring authentication from the site server) ... status) you can log them out by making the logout kill the session state ... And IIS is using windows ... (microsoft.public.frontpage.programming)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)