Re: ADAM and IIS auth

Thanks a bunch Lee!

Yes, it's true that you can use membership providers. However for RBAC in
..NET 2 / MOSS you need a Role provider as well, and Microsoft doesn't
provide one for ADAM. So at this time, I think sticking with AD is the best
option.

R
/ Ted


"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:egzyvvzLHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
Hi

it's true that there are currently no hooks for IIS to do authentication
against
ADAM in the fashion of Windows Intgerated Authentication against a domain.

However I believe that the authentication provider model for MOSS 2007 is
more flexible as it is built on ASP.NET 2.0 and so can leverage forms
based
auth. I assume this is what the MOSS 2007 LDAP V3 membership provider
uses, see the documentation around:

http://technet2.microsoft.com/Office/en-us/library/23b837d1-15d9-4621-aa0b-9ce3f1c7153e1033.mspxI
do not have any hard experience to offer on this yet as I'm just
gettiongstarted onMOSS 2007 but googling around there seem to be a number
of folks that haveLDAP auth working. Most seem to be testing against AD
over LDAP so ADAMshould be good too, see comments section of
e.g.:http://www.sharepointblogs.com/helloitsliam/archive/2006/08/15/10027.aspxLee
Flight"Ted" <spamspamspam@xxxxxxxxx> wrote in
messagenews:eSce%23DzLHHA.3588@xxxxxxxxxxxxxxxxxxxxxxx>A customer is
considering using ADAM in conjunction with MOSS 2007. I haveadviced
against it, but I'm not an ADAM expert. So I need to get thishypothesis
confirmed:>> When authenticating against AD or a local machine account the
workerprocess of IIS will be passed security tokens for the user and for
thegroups of which the user is a member. When using ADAM, this is not
possible.Correct?>> Specifically, we are going to use BASIC auth and
nested security groups.>> Any input on ADAM and IIS auth would be really
helpful> / Ted>



.

Relevant Pages

  • Re: Authentication Using ADAM ?
    ... Those service all require Windows or Domain authentication by default, ADAM provides ADAM authentication only which is useful inside of ADAM or for applications that don't need Windows auth. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Authentication Using ADAM ?
    ... able to tell me a couple of 3rd party app name those would use ADAM. ... Joe Richards Microsoft MVP Windows Server Directory Services ... ADAM provides ADAM authentication only which is useful inside of ADAM or ... Anything where you can insert yourself into the auth process you have ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and IIS auth
    ... Writing a role provider for ADAM isn't hard. ... Still, if you really want to do Windows basic auth and use domain accounts, ... it's true that there are currently no hooks for IIS to do authentication ...
    (microsoft.public.windows.server.active_directory)
  • Re: Authenticating Web user and domain User with ADAM
    ... not cover the membership providers for ASP.NET at all. ... If you use bind proxy objects, you'll need a way to get them created in ADAM ... need to sync passwords to ADAM if you use bind proxies. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: adam bind-redirect
    ... a third party doing authentication) then the proxy-redirect isnt an option. ... could benefit from bind redirect/User Proxy Object ... >> Our Adam will have a user store where we put custom user attributes. ... > Integrated authentication gives you a Windows security context ...
    (microsoft.public.windows.server.active_directory)