Re: ADAM and IIS auth



Writing a role provider for ADAM isn't hard. My co-author and I have an
experimental one we've been giving out to people who ask for it. I could
share it if you are interested.

Still, if you really want to do Windows basic auth and use domain accounts,
that's a pretty easy path to take.

The other super fancy approach is to use the ADFS/web single sign on with
MOSS 2007. That gives you the ability to integrate AD and ADAM in a variety
of different and very flexible ways. It is also by far the most complex
approach though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Ted" <spamspamspam@xxxxxxxxx> wrote in message
news:eVa$FE0LHHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
Thanks a bunch Lee!

Yes, it's true that you can use membership providers. However for RBAC in
.NET 2 / MOSS you need a Role provider as well, and Microsoft doesn't
provide one for ADAM. So at this time, I think sticking with AD is the
best option.

R
/ Ted


"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:egzyvvzLHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
Hi

it's true that there are currently no hooks for IIS to do authentication
against ADAM in the fashion of Windows Integrated Authentication against a
domain.

However I believe that the authentication provider model for MOSS 2007 is
more flexible as it is built on ASP.NET 2.0 and so can leverage forms
based auth. I assume this is what the MOSS 2007 LDAP V3 membership provider
uses, see the documentation around:

http://technet2.microsoft.com/Office/en-us/library/23b837d1-15d9-4621-aa0b-9ce3f1c7153e1033.mspx

I do not have any hard experience to offer on this yet as I'm just
getting started on MOSS 2007 but googling around there seem to be a number
of folks that have LDAP auth working. Most seem to be testing against AD
over LDAP so ADAM should be good too, see comments section of e.g.:

http://www.sharepointblogs.com/helloitsliam/archive/2006/08/15/10027.aspx

Lee Flight

"Ted" <spamspamspam@xxxxxxxxx> wrote in message
news:eSce%23DzLHHA.3588@xxxxxxxxxxxxxxxxxxxxxxx
> A customer is considering using ADAM in conjunction with MOSS 2007. I have
> advised against it, but I'm not an ADAM expert. So I need to get this
> hypothesis confirmed:
>
> When authenticating against AD or a local machine account the worker
> process of IIS will be passed security tokens for the user and for the
> groups of which the user is a member. When using ADAM, this is not
> possible. Correct?
>
> Specifically, we are going to use BASIC auth and nested security groups.
>
> Any input on ADAM and IIS auth would be really helpful
> / Ted




