Authorization Manager Problem

Hi.

I have a scenario where I am using AzMan, with the store in an Active Directory Domain controller. I have assigned "Anonymous logon" as an AzMan-reader.

I can easily connect to the store using the .net interop, from within the domain. However I can't connect from a (non-domain) IIS in the DMZ, even though I've allowed anonymous access to the store. It's not a networking problem, as I get an error message from the Domain Controller, saying that the supplied password is incorrect, even though I haven't supplied a password, nor have any way of doing it.

Is it possible to connect to an AD-backed AzMan-store from a non-domain server?

/Peter

You may also need to enable anonymous searches in general in AD. This is not allowed by default in AD 2003. Thus, even if you ACL certain objects to allow anonymous access, AD will fail the operation when you try to do any search at all if you haven't executed a bind.

If you want to try changing this, there is a flag on dsHeuristics (#7) you need to set. If it were my AD, I wouldn't do that though, as it weakens the security of the whole directory.

It may also be the case that AzMan doesn't know how to do an anonymous LDAP query in the first place and always attempts to bind with the current security context, in which case you are kind of screwed, since that isn't a domain account. I'm not sure about that though as I'm not an AzMan expert.

I hope you find a solution.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Peter Sahl" <PeterS***@discussions.microsoft.com> wrote in message news:5392C56B-B86A-43BA-8896-C5BCCFC046E7@microsoft.com...
> Hi.
>
> I have a scenario where I am using AzMan, with the store in an Active
> Directory Domain controller. I have assigned "Anonymous logon" as an
> AzMan-reader.
>
> I can easily connect to the store using the .net interop, from within the
> domain. However I can't connect from a (non-domain) IIS in the DMZ, even
> though I've allowed anonymous access to the store. It's not a networking
> problem, as I get an error message from the Domain Controller, saying that
> the supplied password is incorrect, even though I haven't supplied a
> password, nor have any way of doing it.
>
> Is it possible to connect to an AD-backed AzMan-store from a non-domain
> server?
>
> /Peter
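
The dsHeuristics flag mentioned in the reply above can be audited before anyone considers changing it. The script below is an added example, not part of the original thread: it reports whether the seventh character of dSHeuristics enables anonymous LDAP operations. The helper name Get-AnonymousLdapState and the sample values are constructed for illustration; the live query assumes the ActiveDirectory (RSAT) module and a domain-authenticated session.

```powershell
# Added example: audit whether anonymous LDAP operations are enabled forest-wide.
# Get-AnonymousLdapState is a hypothetical helper name, not a cmdlet from any module.
function Get-AnonymousLdapState {
    param([string]$DsHeuristics)   # raw attribute value; empty when the attribute is not set

    # dSHeuristics is a positional string. Character 7 (1-based) governs anonymous
    # operations: '2' allows them, anything else (or no 7th character) keeps the
    # default, where only rootDSE reads and binds work without authentication.
    if ([string]::IsNullOrEmpty($DsHeuristics) -or $DsHeuristics.Length -lt 7) {
        return 'Blocked (default: attribute unset or shorter than 7 characters)'
    }
    $flag = $DsHeuristics[6]
    if ($flag -eq '2') {
        return 'ALLOWED (7th character is 2): review object ACLs for ANONYMOUS LOGON'
    }
    return "Blocked (7th character is $flag)"
}

# Constructed sample values, so the logic can be checked without a directory.
foreach ($sample in '', '001', '0000000', '0000002') {
    [pscustomobject]@{
        Value = "'$sample'"
        State = Get-AnonymousLdapState -DsHeuristics $sample
    }
}

# Live check, run only where the ActiveDirectory module is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn       = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $live     = (Get-ADObject -Identity $dn -Properties dSHeuristics).dSHeuristics
    "Live forest: $(Get-AnonymousLdapState -DsHeuristics $live)"
}
```

The setting lives in the configuration partition, so the result applies to every domain in the forest, not only the one holding the AzMan store.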