Loading ...
Sorry, an error occurred while loading the content.

RE: [ADSI-DirSrv] LDAP/ADSI small project help!

Expand Messages
  • Rick Holcomb
    Well then maybe that explains what I was seeing yesterday. Network Service was coming up as the username. I will enable impersonation and see what I get.
    Message 1 of 11 , Oct 1, 2005
    • 0 Attachment
      Well then maybe that explains what I was seeing yesterday.
      Network Service was coming up as the username.
      I will enable impersonation and see what I get.

      Thanks,

      Rick

      -----Original Message-----
      From: ADSIANDDirectoryServices@yahoogroups.com
      [mailto:ADSIANDDirectoryServices@yahoogroups.com] On Behalf Of Joe Kaplan
      Sent: Saturday, October 01, 2005 12:19 AM
      To: ADSIANDDirectoryServices@yahoogroups.com
      Subject: Re: [ADSI-DirSrv] LDAP/ADSI small project help!



      The other bigger deal with IWA is that you have a potential double hop issue

      with the user's token that will require Kerberos delegation in order for the

      user's token to successfully travel from the browser to the web server to
      the AD. This trips people up an awful lot. Make sure you enable
      impersonation in web.config as well as .NET does not impersonate by default
      like ASP does.

      Regarding the rest of your plan, S.DS is a good API for building web
      applications. The DirectorySearcher is a great improvement over ADO/OLEDB
      for LDAP searches.

      Joe K.





      [Non-text portions of this message have been removed]
    • Eva
      I have an ASP.Net application with a SQL 2000 backend I have been authenticating against an NT domain and we are switching to active directory. When we make
      Message 2 of 11 , Oct 3, 2005
      • 0 Attachment
        I have an ASP.Net application with a SQL 2000 backend
        I have been authenticating against an NT domain and we
        are switching to active directory. When we make this
        switch we would like to be able to use universal
        groups rather than global. I have not had any issue
        authentication against the global groups but against
        the universal I am getting all kinds of wierd
        behavior.

        I have done the following. Please let me know if I am
        not doing this correctly of there is some better means
        of getting at the universal groups.

        In the database I have created logins named
        "MyDomain\UniversalGroupName" and placed it in the
        appropriate role for the database.

        In the application I have created appSettings keys for
        the groups so I can access them later in code:
        <appSettings>
        <add key="AppRole"
        value="MyDomain\UniversalGroupName" />
        </appSettings>

        In my application I then use the following code to
        check if a user can execute tasks on a page:
        f Not
        User.IsInRole(ConfigurationSettings.AppSettings("PatReader"))
        Then
        Response.Redirect("CustomError?Mess=" & _

        HttpUtility.UrlEncode("Find Patient"))
        End If

        The authentication seems to be failing at both the
        application and database points. In the database I am
        getting permissions failed on stored procedures that
        the user should have access to. In the application
        the user is able to get to some pages they shouldn't
        be able to.

        Any help would be appreciated!

        Thanks,
        Eva




        ______________________________________________________
        Yahoo! for Good
        Donate to the Hurricane Katrina relief effort.
        http://store.yahoo.com/redcross-donate3/
      • Eva
        Please disregard the earlier request for help. I found the errors..... Eva __________________________________ Yahoo! Mail - PC Magazine Editors Choice 2005
        Message 3 of 11 , Oct 3, 2005
        • 0 Attachment
          Please disregard the earlier request for help. I
          found the errors.....

          Eva



          __________________________________
          Yahoo! Mail - PC Magazine Editors' Choice 2005
          http://mail.yahoo.com
        Your message has been successfully submitted and would be delivered to recipients shortly.