Active Directory and ASP.NET 2.0

"NancyA" wrote:

Hi -
I am successfully able to retrieve tokenGroups data for a given sAmAccountName from a .NET 2.0 web page. However, I'm still in test mode on my own machine. What will I need to do to access AD from the web page when it goes out on a corporate IIS server? Do I need to use a specific account when creating the DirectoryEntry object? This is for an intranet website using Windows authentication so I'll know that any users are members of AD.

Thanks

It is vastly easier in ASP.NET 2.0 to get the user's group membership directly from the WindowsIdentity object you get as a result of using Windows authentication. Just cast Context.User.Identity to a WindowsIdentity and read the Groups property! You can easily translate all of those into friendly names using the IdentityReferenceCollection.Translate method. You can also use the WindowsPrincipal.IsInRole method to get a true/false answer as to whether a user is in any particular group.

Another option if you are using membership is to use the windows token role provider that comes with ASP.NET.

If you must do LDAP, then you have a variety of different options available to you, depending on whether you want to use the authenticated user's security context to access AD (a delegation architecture) or whether you want to use a service account (a trusted subsystem architecture). We go into all of this stuff in great detail in our book in ch 8 if you are interested. I can also help out here if you want to pursue this further, but hopefully you won't need to.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

"NancyA" wrote:

Gee, that was really easy! Thanks for the very clear response. I am now using WindowsIdentity and WindowsPrincipal.IsInRole and it works beautifully without needing to go to LDAP!

Glad that helped. It only works when you can use Windows authentication, but when you can, it works much better. :)

Joe K.
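The approach described in the first reply, written out as an added example (not code from the thread or from its participants). The class and method names GroupCheck, GetGroupNames and IsInGroup are hypothetical, and the sketch assumes the site runs with Windows authentication enabled and anonymous access denied in web.config.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

// Hypothetical helper for an ASP.NET 2.0 intranet site.
// Assumed web.config: <authentication mode="Windows" /> with
// <authorization><deny users="?" /></authorization>.
public static class GroupCheck
{
    // Returns the caller's group memberships as DOMAIN\name strings,
    // read from the logon token (no LDAP bind, no service account).
    public static List<string> GetGroupNames(HttpContext context)
    {
        WindowsIdentity identity = GetAuthenticatedIdentity(context);
        if (identity == null)
            throw new InvalidOperationException("Windows authentication is required.");

        // forceSuccess = false: a SID that cannot be mapped (deleted group,
        // unreachable domain) is returned unchanged instead of throwing
        // IdentityNotMappedException for the whole collection.
        IdentityReferenceCollection translated =
            identity.Groups.Translate(typeof(NTAccount), false);

        List<string> names = new List<string>();
        foreach (IdentityReference reference in translated)
            names.Add(reference.Value); // DOMAIN\group, or the raw SID string
        return names;
    }

    // True/false membership test. Fails closed: an anonymous or
    // non-Windows identity is never treated as a group member.
    public static bool IsInGroup(HttpContext context, string groupName)
    {
        WindowsIdentity identity = GetAuthenticatedIdentity(context);
        if (identity == null)
            return false;
        return new WindowsPrincipal(identity).IsInRole(groupName);
    }

    // Returns null unless the request carries an authenticated Windows token.
    private static WindowsIdentity GetAuthenticatedIdentity(HttpContext context)
    {
        if (context == null || context.User == null)
            return null;
        WindowsIdentity identity = context.User.Identity as WindowsIdentity;
        return (identity != null && identity.IsAuthenticated) ? identity : null;
    }
}
```

Because the groups come from the caller's token, the application pool account needs no special directory permissions for these checks; a page would call GroupCheck.IsInGroup(Context, ...) with a DOMAIN\group name of its own.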