RE: [ADSI-DirSrv] LDAP/ADSI small project help!
- Well then maybe that explains what I was seeing yesterday.
Network Service was coming up as the username.
I will enable impersonation and see what I get.
[mailto:ADSIANDDirectoryServices@yahoogroups.com] On Behalf Of Joe Kaplan
Sent: Saturday, October 01, 2005 12:19 AM
Subject: Re: [ADSI-DirSrv] LDAP/ADSI small project help!
The other bigger deal with IWA is that you have a potential double hop issue
with the user's token that will require Kerberos delegation in order for the
user's token to successfully travel from the browser to the web server to
the AD. This trips people up an awful lot. Make sure you enable
impersonation in web.config as well as .NET does not impersonate by default
like ASP does.
Regarding the rest of your plan, S.DS is a good API for building web
applications. The DirectorySearcher is a great improvement over ADO/OLEDB
for LDAP searches.
[Non-text portions of this message have been removed]
- I have an ASP.Net application with a SQL 2000 backend
I have been authenticating against an NT domain and we
are switching to active directory. When we make this
switch we would like to be able to use universal
groups rather than global. I have not had any issue
authentication against the global groups but against
the universal I am getting all kinds of wierd
I have done the following. Please let me know if I am
not doing this correctly of there is some better means
of getting at the universal groups.
In the database I have created logins named
"MyDomain\UniversalGroupName" and placed it in the
appropriate role for the database.
In the application I have created appSettings keys for
the groups so I can access them later in code:
In my application I then use the following code to
check if a user can execute tasks on a page:
Response.Redirect("CustomError?Mess=" & _
The authentication seems to be failing at both the
application and database points. In the database I am
getting permissions failed on stored procedures that
the user should have access to. In the application
the user is able to get to some pages they shouldn't
be able to.
Any help would be appreciated!
Yahoo! for Good
Donate to the Hurricane Katrina relief effort.
- Please disregard the earlier request for help. I
found the errors.....
Yahoo! Mail - PC Magazine Editors' Choice 2005