Re: Authenticating Web user and domain User with ADAM



One option here would be to create bind proxy objects for the AD users in
your ADAM. This would allow your web app to do LDAP simple bind operations
for both the ADAM users and AD users and have them both be authenticated.
Bind proxy objects are basically just pointers to a Windows user account.
When ADAM receives a simple bind request for them, it forwards the
authentication to the operating system which then authenticates the user
with their Windows password.

An even easier option is to use ADAM pass through authentication. If your
app sends an LDAP secure bind to ADAM for the AD user, ADAM will forward
that directly to the OS so you don't need a bind proxy.

The tricky part of using pass through auth is that your app needs to issue
two different types of binds: simple bind for ADAM users and secure bind for
AD users. It can be tricky to know when to use which one although there are
ways you can design that (such as by using specific UPN suffixes for one or
the other or just trying both).

The downside with bind proxies is that you have to create those objects in
ADAM AND keep them in sync. The plus side is that simple bind will work for
both types of users.

I think the AD membership provider will only do simple bind or secure bind,
so if you wanted to use it to perform the authentication, bind proxy objects
would likely be the best bet.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"CrisRC600" <crigon@xxxxxxxxx> wrote in message
news:ac5f6418-3e15-43ef-b43d-d6d0eb8e50ba@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,
I'm trying to build a web application to authenticate users.

I've two scenarios

A - Users are in ADAM OU (most of my users, about 65000)
ex: CN=myUser,OU=41847,OU=Users,O=SistemiWeb

B - Other users are only in my Active Directory (about 250 users)

I would like to give all of them access to my web apps with their user
name and pwd.

I've looked at ADAM and I'm thinking that it could accomplish my
goal, but I'm a beginner with membership, provider, etc., and I'm not
able to find a clear example on the web.

If anyone could give me a referral I'll be very grateful.

(sorry for my English...)
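
The suffix-based choice between simple bind and secure bind described in the reply above, shown in C# with System.DirectoryServices.Protocols. This is an added example, not code from the thread or its authors; the host name, port and UPN suffix are assumed placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added illustration: every constant below is an assumption, not a value from the thread.
public static class AdamAuthenticator
{
    const string AdamHost = "adam.example.local";   // assumed ADAM server name
    const int AdamSslPort = 636;                     // assumed LDAPS port of the ADAM instance
    const string AdSuffix = "@corp.example.local";   // assumed UPN suffix reserved for AD users

    public static bool Authenticate(string userName, string password)
    {
        // A simple bind with a name and an empty password can succeed as an
        // unauthenticated bind, so reject empty input before contacting ADAM.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // AD users (identified by UPN suffix) get a secure bind, which ADAM
        // passes through to Windows; ADAM users get a simple bind.
        bool isAdUser = userName.EndsWith(AdSuffix, StringComparison.OrdinalIgnoreCase);

        var server = new LdapDirectoryIdentifier(AdamHost, AdamSslPort);
        using (var conn = new LdapConnection(server))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            // Simple bind sends the password in clear text, so keep the channel on SSL.
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = isAdUser ? AuthType.Negotiate : AuthType.Basic;
            try
            {
                conn.Bind(new NetworkCredential(userName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // invalidCredentials
            {
                return false;
            }
        }
    }
}
```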

