Re: ADAM and IIS auth
- From: "Ted" <spamspamspam@xxxxxxxxx>
- Date: Fri, 5 Jan 2007 15:29:57 +0100
Thanks Joe. I'll let you know if we need the role provider - hopefully not.
:)
I like the ADFS idea, it's fancy but as you say, it would be overly complex.
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u06Pin1LHHA.3552@xxxxxxxxxxxxxxxxxxxxxxx
Writing a role provider for ADAM isn't hard. My co-author and I have an
experimental one we've been giving out to people who ask for it. I could
share it if you are interested.
Still, if you really want to do Windows basic auth and use domain
accounts, that's a pretty easy path to take.
The other super fancy approach is to use the ADFS/web single sign on with
MOSS 2007. That gives you the ability to integrate AD and ADAM in a
variety of different and very flexible ways. It is also by far the most
complex approach though.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Ted" <spamspamspam@xxxxxxxxx> wrote in message
news:eVa$FE0LHHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
Thanks a bunch Lee!
Yes, it's true that you can use membership providers. However for RBAC in
.NET 2 / MOSS you need a Role provider as well, and Microsoft doesn't
provide one for ADAM. So at this time, I think sticking with AD is the
best option.
R
/ Ted
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:egzyvvzLHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
Hi
It's true that there are currently no hooks for IIS to do authentication
against ADAM in the fashion of Windows Integrated Authentication against a
domain.
However I believe that the authentication provider model for MOSS 2007 is
more flexible as it is built on ASP.NET 2.0 and so can leverage forms
based auth. I assume this is what the MOSS 2007 LDAP V3 membership provider
uses, see the documentation around:
http://technet2.microsoft.com/Office/en-us/library/23b837d1-15d9-4621-aa0b-9ce3f1c7153e1033.mspx
I do not have any hard experience to offer on this yet as I'm just
getting started on MOSS 2007 but googling around there seem to be a
number of folks that have LDAP auth working. Most seem to be testing
against AD over LDAP so ADAM should be good too, see comments section of
e.g.:
http://www.sharepointblogs.com/helloitsliam/archive/2006/08/15/10027.aspx
Lee Flight
"Ted" <spamspamspam@xxxxxxxxx> wrote in message
news:eSce%23DzLHHA.3588@xxxxxxxxxxxxxxxxxxxxxxx
> A customer is considering using ADAM in conjunction with MOSS 2007. I have
> advised against it, but I'm not an ADAM expert. So I need to get this
> hypothesis confirmed:
>
> When authenticating against AD or a local machine account the worker
> process of IIS will be passed security tokens for the user and for the
> groups of which the user is a member. When using ADAM, this is not
> possible. Correct?
>
> Specifically, we are going to use BASIC auth and nested security groups.
>
> Any input on ADAM and IIS auth would be really helpful
> / Ted