RE: [ADSI-DirSrv] .NET & LDAP

  • Carlos Magalhaes
    Message 1 of 12 , Apr 1, 2003
      Yes, you can do this, and it does make sense. Is this application internet
      based or intranet based (documents online could mean either)? If it
      was intranet based, you could simplify everything and use NTFS permissions
      along with basic authentication and/or Windows Integrated Authentication.

      The reason I am asking you this is if it's an internet based application
      then it's a totally different scenario, and could be complex.

      For example, if it was internet based, you could have a customer OU in your
      AD directory that stored all your customers' user accounts and groups. When
      the customer hits the application he is required to log in. You then search
      for the username (one method, not the only one, of doing some sort of
      authentication) within the OU or group. If it exists, any action that that
      customer tries to perform on the files is done using that username and
      password using impersonation passed by the log in page.

      I.e. Joe Soap logs in as

      Joes@...
      MYPassword.

      He is part of CustomerX OU

      So he is authenticated.

      Joes needs to work on file X and open it, so you need to process this code block:

          Dim strhello As String = "hello"
          MsgBox(strhello)
          'more code to access files

      Now, using impersonation, you could perform this code as the user logged on,
      like the following:

          BeginImpersonation(Joes@..., MyPassword, Domain.com)
          Dim strhello As String = "hello"
          MsgBox(strhello)
          'more code to access files
          EndImpersonation

      You can then handle exceptions that NTFS permissions on the files throw
      using try, catch and finally blocks.

      So, if you set document.doc to have NTFS permissions for SallyH and Joes tries to
      access it (because you are using impersonation) it will throw a System.IO
      (depending on how and what you access the file with, the errors will change)
      "Access Denied" error. Then you can use try/catch/finally to catch the
      exception and output "You do not have permissions to access this file."

      Does this put some clarification on the issue or have I just made my fingers
      sore by typing this ;-)







      Regards,

      Carlos Magalhaes





      -----Original Message-----
      From: Griffin Caprio [mailto:griffinc18@...]
      Sent: Monday, March 31, 2003 5:20 PM
      To: ADSIANDDirectoryServices@yahoogroups.com
      Subject: RE: [ADSI-DirSrv] .NET & LDAP



      But I need much more than vanilla authentication.

      Here is the situation:

      We currently have a product that allows our customer
      to manage documents online. Currently, our problem
      lies with the fact that we have no complex privilege
      system within accounts. For example:

      A is a midwest manager
      B & C are branches in the midwest

      Right now, under the same account, A, B, & C can see
      all the same documents. What we are looking for is a
      solution that allows for several things:

      1) Since A is the manager, he can see B & C's
      documents.
      2) B & C cannot see each other's documents.
      3) Document security can be granted on a per-document
      basis. Jane the VP can see document 1, but Joe the
      sales rep cannot.
      4) Allow for user-definable groups......
      5) etc....

      I was trying to assess if a directory based solution
      would be a feasible one or not.

      Does that make more sense than my original post?

      -Griffin

      --- Carlos Magalhaes <CarlosM@...> wrote:
      > Griffin,
      >
      > Well, if you're using ASP.NET why do you want to use ADSI to authenticate your
      > user? Is this application going to be on the intranet or extranet?
      >
      > Maybe if you give us some more info on the topology of the application and
      > the final wanted outcome we could advise accordingly.
      >
      > If you were building an intranet I would leave it up to IIS to authenticate
      > your user. It does it already (indirectly); you just have to set the correct
      > settings, no need to do it again.
      >
      > Regards,
      > Carlos Magalhaes
      >
      > -----Original Message-----
      > From: Griffin Caprio [mailto:griffinc18@...]
      > Sent: Thursday, March 27, 2003 3:46 PM
      > To: ADSIANDDirectoryServices@yahoogroups.com
      > Subject: RE: [ADSI-DirSrv] .NET & LDAP
      >
      > Really?
      >
      > Well, it would be for ASP.NET, if that helps.
      >
      > -Griffin
      >
      > --- Carlos Magalhaes <CarlosM@...> wrote:
      > > Is this for ASP.NET, ASP or Windows Forms?
      > >
      > > It does make a difference.
      > >
      > > Regards,
      > > Carlos Magalhaes
      > >
      > > -----Original Message-----
      > > From: griffinc18 [mailto:griffinc18@...]
      > > Sent: Thursday, March 27, 2003 5:12 AM
      > > To: ADSIANDDirectoryServices@yahoogroups.com
      > > Subject: [ADSI-DirSrv] .NET & LDAP
      > >
      > > We are looking to build complex security into our application, based
      > > on a hierarchy that can be user defined.
      > >
      > > Can anyone point me to some resources that describe integrating LDAP
      > > or AD into an application's authentication & authorization?
      > >
      > > Thanks,
      > > Griffin

      === message truncated ===

      =====
      Griffin Caprio
      "Your child against mine. The winner
      will be hailed, the loser will be booed
      until my throat hurts!" - Homer Simpson to Marge











      To unsubscribe from this group, send an email to:

      ADSIANDDirectoryServices-unsubscribe@yahoogroups.com







      Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/




      ----------

      -------------------------------------------------------------
      This email and any files transmitted are
      confidential and intended solely for the
      use of the individual or entity to which
      they are addressed, whose privacy
      should be respected. Any views or
      opinions are solely those of the author
      and do not necessarily represent those
      of the Trencor Group, or any of its
      representatives, unless specifically
      stated.

      Email transmission cannot be guaranteed
      to be secure, error free or without virus
      contamination. The sender therefore
      accepts no liability for any errors or
      omissions in the contents of this message,
      nor for any virus infection that might result
      from opening this message. Trencor is not
      responsible in the event of any third party
      interception of this email.

      If you have received this email in error please notify
      postmaster@... For more information about
      Trencor, visit www.trencor.net <http://www.trencor.net>



      [Non-text portions of this message have been removed]
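
Added example, not code from the thread: the impersonation flow described in Message 1, written out in VB.NET for the .NET Framework (VB 2010 or later syntax). The `BeginImpersonation`/`EndImpersonation` placeholders are replaced by the Win32 `LogonUser` call and `WindowsIdentity.Impersonate`; the module name, the `ReadAsUser` function and the choice of a network logon are assumptions of this example.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Module ImpersonatedFileAccess

    ' Win32 logon constants (winbase.h). A network logon does not require the
    ' account to hold the "log on locally" right on the web server.
    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", EntryPoint:="LogonUserW", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(ByVal userName As String, ByVal domain As String,
                               ByVal password As String, ByVal logonType As Integer,
                               ByVal logonProvider As Integer,
                               ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Reads a file as the given Windows account. Returns the file's text, or a
    ' user-facing message when the file's NTFS ACL denies that account access.
    ' Throws Win32Exception when the credentials themselves are rejected.
    Public Function ReadAsUser(ByVal userName As String, ByVal domain As String,
                               ByVal password As String, ByVal path As String) As String
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK,
                         LOGON32_PROVIDER_DEFAULT, token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If

        Dim context As WindowsImpersonationContext = Nothing
        Try
            ' From here until Undo(), this thread's file access is checked
            ' against the logged-on user's token instead of the process identity.
            context = WindowsIdentity.Impersonate(token)
            Return File.ReadAllText(path)
        Catch ex As UnauthorizedAccessException
            ' The ACL on the file does not grant this user read access.
            Return "You do not have permissions to access this file."
        Finally
            ' Always revert and release the token, even on error, so that later
            ' work on this thread does not keep running as this user.
            If context IsNot Nothing Then context.Undo()
            CloseHandle(token)
        End Try
    End Function

    Sub Main(ByVal args As String())
        If args.Length <> 3 Then
            Console.Error.WriteLine("usage: ImpersonatedFileAccess <user> <domain> <path>")
            Return
        End If
        ' In the web application the password would arrive from the login page.
        Console.Write("Password: ")
        Dim password As String = Console.ReadLine()
        Try
            Console.WriteLine(ReadAsUser(args(0), args(1), password, args(2)))
        Catch ex As Win32Exception
            Console.Error.WriteLine("Login failed.")
        End Try
    End Sub

End Module
```

The .NET file APIs report an NTFS denial as `UnauthorizedAccessException`, which is what the `Catch` block handles. The `Finally` block matters most under ASP.NET, where a pooled thread left impersonating would serve a later request under the wrong identity.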
    • Griffin Caprio
      Message 2 of 12 , Apr 1, 2003
        This is an Internet solution.

        The solution you describe would work, however, our
        concept of a document is conceptual, not physical. We
        wouldn't be accessing the physical document at all.

        I was looking at a directory based solution because I
        thought it could store complex hierarchies of
        relationships that can be queried against.

        Maybe I am trying to jam a square peg into a round
        hole?

        -Griffin

        =====
        Griffin Caprio
        "Your child against mine. The winner
        will be hailed, the loser will be booed
        until my throat hurts!" - Homer Simpson to Marge

      • Carlos Magalhaes
        Message 3 of 12 , Apr 1, 2003
          I don't understand this statement: "The solution you describe would work,
          however, our concept of a document is conceptual, not physical."

          Could you elaborate?



          Regards,

          Carlos Magalhaes





          -----Original Message-----
          From: Griffin Caprio [mailto:griffinc18@...]
          Sent: Tuesday, April 01, 2003 4:42 PM
          To: ADSIANDDirectoryServices@yahoogroups.com
          Subject: RE: [ADSI-DirSrv] .NET & LDAP



          This is an Internet solution.



          The solution you describe would work, however, our

          concept of a document is conceptual, not physical. We

          wouldn't be accessing the physical document at all.



          I was looking at a directory based solution because I

          thought it could store complex hierarchies of

          relationships that can be queried against.



          Maybe I am trying to jam a square peg into a round

          hole?



          -Griffin

        • Griffin Caprio
          Message 4 of 12 , Apr 1, 2003
            Sure:

            We have a document distribution service. Clients scan
            documents into PDF format and upload them into our
            system. Once in our system, they can deliver the
            documents to any number of recipients, by a number of
            different means, including Fax & Email.

            One of these means is what we call our 'eBinder'.
            It's an electronic repository of all the documents
            that have been sent to you. If you don't have an
            account for our service, your eBinder is read-only.
            If you decide to sign-up, then you too can route
            documents, including those already in your eBinder.

            So, you can see that a physical document can start
            from company A, then route to B. B can then route it
            to C & D, and so on.

            One document can be in many different 'eBinders' at
            the same time.

            -Griffin



            =====
            Griffin Caprio
            "Your child against mine. The winner
            will be hailed, the loser will be booed
            until my throat hurts!" - Homer Simpson to Marge

          • Carlos Magalhaes
            Message 5 of 12 , Apr 2, 2003
              This can be very tricky.

              You could facilitate this in AD or other LDAP directories, but it would cause
              you more headaches than just storing a database with users' access to
              different ebinders.

              At times like this you have to look at what is practical and what should be
              used. AD can do this by creating your own custom class in the schema to deal
              with this and then creating code to read different attributes for ACLs on
              different ebinders.

              My personal opinion: you're better off using a database storing the access
              control lists.

              You could store usernames etc. in AD and then save a custom attribute, i.e.
              accountPrivlageEbinder, that stores a Boolean value, false being
              read-only access and true being full access. Then in the database you have a
              list of all the documents for different ebinders with associated usernames.
              All AD would be doing is storing your user database with one custom
              attribute.

              Need more info?



              Regards,

              Carlos Magalhaes





              -----Original Message-----
              From: Griffin Caprio [mailto:griffinc18@...]
              Sent: Tuesday, April 01, 2003 5:10 PM
              To: ADSIANDDirectoryServices@yahoogroups.com
              Subject: RE: [ADSI-DirSrv] .NET & LDAP

              Sure:

              We have a document distribution service. Clients scan
              documents into PDF format and upload them into our
              system. Once in our system, they can deliver the
              documents to any number of recipients, by a number of
              different means, including Fax & Email.

              One of these means is what we call our 'eBinder'.
              It's an electronic repository of all the documents
              that have been sent to you. If you don't have an
              account for our service, your eBinder is read-only.
              If you decide to sign-up, then you too can route
              documents, including those already in your eBinder.

              So, you can see that a physical document can start
              from company A, then route to B. B can then route it
              to C & D, and so on.

              One document can be in many different 'eBinders' at
              the same time.

              -Griffin





              [Non-text portions of this message have been removed]
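
The split Carlos describes above (the directory holds the user and one Boolean flag, the database holds the per-eBinder document list), as an added example that is not code from the thread. It is sketched in Python with SQLite so it runs stand-alone, with a dictionary standing in for the LDAP attribute read; the table names, function names and sample users are assumptions, and only the attribute name accountPrivlageEbinder comes from the message.

```python
import sqlite3

# Stand-in for the directory lookup (constructed sample data). In the design
# above this would be an LDAP read of the custom Boolean attribute on the
# user object: True = full access, False = read-only.
DIRECTORY = {
    "alice@companya.example": {"accountPrivlageEbinder": True},
    "bob@companyb.example": {"accountPrivlageEbinder": False},
    "carol@companyc.example": {},  # attribute never set
}

# Hypothetical schema: the database, not the directory, holds the ACL.
SCHEMA = """
CREATE TABLE documents (
    id    INTEGER PRIMARY KEY,
    title TEXT NOT NULL
);
-- One row per (eBinder owner, document): a document can sit in many eBinders.
CREATE TABLE ebinder_entries (
    username    TEXT    NOT NULL,
    document_id INTEGER NOT NULL REFERENCES documents(id),
    routed_by   TEXT    NOT NULL,
    PRIMARY KEY (username, document_id)
);
"""


def open_store():
    """Create an in-memory ACL database with the schema above."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db


def has_full_access(username):
    """Read the per-user flag; a missing user or attribute means read-only."""
    entry = DIRECTORY.get(username)
    return entry is not None and entry.get("accountPrivlageEbinder") is True


def can_read(db, username, document_id):
    """A user may read a document only if it is in that user's eBinder."""
    row = db.execute(
        "SELECT 1 FROM ebinder_entries WHERE username = ? AND document_id = ?",
        (username, document_id),
    ).fetchone()
    return row is not None


def upload(db, owner, title):
    """Store a new document and place it in the uploader's own eBinder."""
    if not has_full_access(owner):
        raise PermissionError(f"{owner} may not upload")
    with db:  # commit both inserts together, roll back on error
        cur = db.execute("INSERT INTO documents (title) VALUES (?)", (title,))
        db.execute(
            "INSERT INTO ebinder_entries VALUES (?, ?, ?)",
            (owner, cur.lastrowid, owner),
        )
    return cur.lastrowid


def route(db, sender, document_id, recipients):
    """Copy a document reference into each recipient's eBinder.

    Both checks must pass: the sender holds the document (database ACL) and
    the sender's directory flag grants full access. Recipients need no
    account; without one their eBinder is simply read-only.
    """
    if not can_read(db, sender, document_id):
        raise PermissionError(f"{sender} does not hold document {document_id}")
    if not has_full_access(sender):
        raise PermissionError(f"{sender} has a read-only eBinder")
    with db:
        db.executemany(
            "INSERT OR IGNORE INTO ebinder_entries VALUES (?, ?, ?)",
            [(r, document_id, sender) for r in recipients],
        )


def ebinder(db, username):
    """List the document titles in one user's eBinder."""
    rows = db.execute(
        "SELECT d.title FROM ebinder_entries e JOIN documents d"
        " ON d.id = e.document_id WHERE e.username = ? ORDER BY d.id",
        (username,),
    ).fetchall()
    return [title for (title,) in rows]
```

Every action is checked against both stores and denied when either answer is missing, so a user whose directory attribute was never set stays read-only.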
            • Griffin Caprio
              Message 6 of 12 , Apr 2, 2003
                Argh.... I think you are right....

                Things are going to get real tricky when users can
                specify their own groups, like "My Cool Reps". Also,
                there are a ton of other functions that I haven't gone
                over that would need to "hook" into the system.

                Looks like we are going to have to write a lot of
                custom stuff.

                Thanks for the help, though.

                -Griffin
                --- Carlos Magalhaes <CarlosM@...> wrote:
                > This can be very tricky.
                >
                > You could facilitate this in AD or other LDAP
                > directories but it would cause you more headaches
                > than just storing a database with users' accesses to
                > different eBinders.
                >
                > At times like this you have to look at what is
                > practical and what should be used. AD can do this by
                > creating your own custom class in the schema to deal
                > with this and then creating code to read different
                > attributes for ACLs on different eBinders.
                >
                > My personal opinion: you're better off using a database
                > storing the access control lists.
                >
                > You could store usernames etc. in AD and then save a
                > custom attribute, i.e. accountPrivlageEbinder, that
                > stores a Boolean value, false being read-only access
                > and true being full access. Then in the database you
                > have a list of all the documents for different eBinders
                > with associated usernames. All AD would be doing is
                > storing your user database with one custom attribute.
                >
                > Need more info?
                >
                > Regards,
                > Carlos Magalhaes


                =====
                Griffin Caprio
                "Your child against mine. The winner
                will be hailed, the loser will be booed
                until my throat hurts!" - Homer Simpson to Marge

              • Carlos Magalhaes
                Message 7 of 12 , Apr 2, 2003
                  Not a problem,

                  AD is very customizable but, when it comes to practicality and maintenance, I
                  would say you're better off with SQL in this case.

                  Sorry about that!

                  Regards,
                  Carlos Magalhaes





                  -----Original Message-----
                  From: Griffin Caprio [mailto:griffinc18@...]
                  Sent: Wednesday, April 02, 2003 5:10 PM
                  To: ADSIANDDirectoryServices@yahoogroups.com
                  Subject: RE: [ADSI-DirSrv] .NET & LDAP

                  Argh.... I think you are right....

                  Things are going to get real tricky when users can
                  specify their own groups, like "My Cool Reps". Also,
                  there are a ton of other functions that I haven't gone
                  over that would need to "hook" into the system.

                  Looks like we are going to have to write a lot of
                  custom stuff.

                  Thanks for the help, though.

                  -Griffin

                  [Non-text portions of this message have been removed]
                • Griffin Caprio
                  Message 8 of 12 , Apr 2, 2003
                    The one bright side is that .NET has some easy and
                    powerful security classes that we can use.

                    It's just the management.......

                    -Griffin
                    --- Carlos Magalhaes <CarlosM@...> wrote:
                    > Not a problem,
                    >
                    >
                    >
                    > AD is very customizable but, when it comes to
                    > practicality and maintenance I
                    > would say you better off with SQL in this case.
                    >
                    >
                    >
                    > Sorry about that!
                    >
                    >
                    >
                    > Regards,
                    >
                    > Carlos Magalhaes
                    >
                    >
                    >
                    >
                    >
                    > -----Original Message-----
                    > From: Griffin Caprio [mailto:griffinc18@...]
                    > Sent: Wednesday, April 02, 2003 5:10 PM
                    > To: ADSIANDDirectoryServices@yahoogroups.com
                    > Subject: RE: [ADSI-DirSrv] .NET & LDAP
                    >
                    >
                    >
                    > Argh.... I think you are right....
                    >
                    >
                    >
                    > Things are going to get real tricky when users can
                    >
                    > specify their own groups, like "My Cool Reps".
                    > Also,
                    >
                    > there are a ton of other functions that I haven't
                    > gone
                    >
                    > over would need to "hook" into the system.
                    >
                    >
                    >
                    > Looks like we are going to have to write a lot of
                    >
                    > custom stuff.
                    >
                    >
                    >
                    > Thanks for the help, though.
                    >
                    >
                    >
                    > -Griffin
                    >
                    > --- Carlos Magalhaes <CarlosM@...> wrote:
                    >
                    > > This can be very tricky.
                    > >
                    > > You could facilitate this in AD or other LDAP directories but it would cause
                    > > you more headaches than just storing a Database with users accesses to
                    > > different ebinders.
                    > >
                    > > At times like this you have to look at what is practical and what should be
                    > > used, AD can do this by creating your own custom class in the schema to deal
                    > > with this and then creating code to read different attributes for ACLs on
                    > > different ebinders.
                    > >
                    > > My personal opinion: you are better off using a database storing the access
                    > > control lists.
                    > >
                    > > You could store usernames etc. in AD and then save a custom attribute, i.e.
                    > > accountPrivlageEbinder, that stores either a Boolean value false being
                    > > readonly access and true being full access, then in the database you have a
                    > > list of all the documents for different Ebinders with associated usernames.
                    > > All AD would be doing is storing your user database with one custom
                    > > attribute.
                    > >
                    > > Need more info?
                    > >
                    > > Regards,
                    > >
                    > > Carlos Magalhaes
                    > >
                    > > -----Original Message-----
                    > > From: Griffin Caprio [mailto:griffinc18@...]
                    > > Sent: Tuesday, April 01, 2003 5:10 PM
                    > > To: ADSIANDDirectoryServices@yahoogroups.com
                    > > Subject: RE: [ADSI-DirSrv] .NET & LDAP
                    > >
                    > > Sure:
                    > >
                    > > We have a document distribution service. Clients scan
                    === message truncated ===


                    =====
                    Griffin Caprio
                    "Your child against mine. The winner
                    will be hailed, the loser will be booed
                    until my throat hurts!" - Homer Simpson to Marge
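
The split described in the quoted message above (the directory holds the account plus one Boolean attribute, the database holds the per-document lists), as an added example that is not part of the thread. It is written in Python with SQLite; the dict stands in for the AD attribute read, and the table and column names, the sample rows, and the choice to treat an unset attribute as read-only are assumptions.

```python
import sqlite3

# Constructed sample data. DIRECTORY stands in for reading the per-user AD
# attribute (accountPrivlageEbinder, spelled as in the thread):
# True = full access, False = read-only, None = attribute not set.
DIRECTORY = {"joes": True, "annb": False, "newc": None}


def build_db():
    """Create the database side: which user is listed for which document."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ebinder_document (
            ebinder  TEXT NOT NULL,
            document TEXT NOT NULL,
            username TEXT NOT NULL,
            PRIMARY KEY (ebinder, document, username)
        );
        INSERT INTO ebinder_document VALUES
            ('binder-a', 'contract.pdf', 'joes'),
            ('binder-a', 'contract.pdf', 'annb'),
            ('binder-b', 'invoice.pdf',  'annb'),
            ('binder-b', 'invoice.pdf',  'newc');
    """)
    return db


def is_allowed(db, username, ebinder, document, action):
    """Return True only if both the database and the directory permit it."""
    if action not in ("read", "write"):
        return False
    if username not in DIRECTORY:      # unknown account: deny
        return False
    # Parameterized query: the username originates from a login form.
    row = db.execute(
        "SELECT 1 FROM ebinder_document "
        "WHERE ebinder = ? AND document = ? AND username = ?",
        (ebinder, document, username),
    ).fetchone()
    if row is None:                    # not listed for this document: deny
        return False
    if action == "read":
        return True
    # Write needs the attribute to be exactly True; unset counts as read-only.
    return DIRECTORY[username] is True
```
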
