Walking Active Directory

I am new to the objects that expose Active Directory, so hence the very basic question. There seem to be many methods to interrogate Active Directory; I would like to know what is the best one! All we need to do, based on the current user accessing the site via integrated security, is snapshot the information for that user within AD and place a copy within our database. So we need to be able to enumerate the AD objects under the current user.

Cheers
Keith Chadwick

With integrated authentication, you will have the user's NT user name (in Context.User.Identity.Name) and will need to do a query to the directory based on that name.

The first question is how complex is your AD forest? Are there multiple domains or a single one? Are there any trusts to foreign domains involved? All of that can possibly complicate things.

The other question is what data you need from AD. Can you get all the data you need from the Global Catalog, or are there specific pieces that you need from the domain controller itself? That can make things more complex as well. Things are easiest when you can get everything from the GC because then you can do one forest-wide query for the user.

In the general case, I think the easiest thing to do would be to p/invoke the TranslateName API to get the user's distinguished name from the NT name. Then you can use that for binding to AD.

The other issue will be what security context you are going to use to talk to AD. The obvious choice would be to impersonate the logged-on user, but that has the downside of causing issues with double-hops and may require you to investigate Kerberos delegation. That is all discussed here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

I'm afraid you may be more confused than when you started, but hopefully that helps some.

Joe K.

"Keith Chadwick" <KeithChadw***@discussions.microsoft.com> wrote in message news:E997D01B-2099-4371-997D-477F8A8EBEFD@microsoft.com...
> I am new to the objects that expose Active Directory, so hence the very basic
> question. There seem to be many methods to interrogate Active Directory; I
> would like to know what is the best one! All we need to do, based on the
> current user accessing the site via integrated security, is snapshot the
> information for that user within AD and place a copy within our database. So
> we need to be able to enumerate the AD objects under the current user.
>
> Cheers
> Keith Chadwick
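
The approach suggested in the reply above (TranslateName to turn the NT name into a distinguished name, then bind to that DN), as an added C# example that is not part of the original thread. The class name, method names and the attribute list are assumptions chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

static class AdUserLookup
{
    // EXTENDED_NAME_FORMAT values from secext.h
    const int NameFullyQualifiedDN = 1;
    const int NameSamCompatible = 2;   // DOMAIN\user, as in Context.User.Identity.Name

    [DllImport("secur32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool TranslateName(string accountName, int accountNameFormat,
        int desiredNameFormat, StringBuilder translatedName, ref uint size);

    public static string GetDistinguishedName(string ntName)
    {
        uint size = 0;
        // First call: a null buffer with size 0 returns the required length.
        if (!TranslateName(ntName, NameSamCompatible, NameFullyQualifiedDN, null, ref size))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        var buffer = new StringBuilder((int)size);
        if (!TranslateName(ntName, NameSamCompatible, NameFullyQualifiedDN, buffer, ref size))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return buffer.ToString();
    }

    // Loads only the attributes to be copied to the database (hypothetical list).
    // The bind runs as the thread's current identity: the worker process account,
    // or the logged-on user if the request is impersonating (the double-hop case).
    public static void Snapshot(string ntName)
    {
        string dn = GetDistinguishedName(ntName);
        // "/" separates path components in an ADsPath, so escape it inside the DN.
        using (var entry = new DirectoryEntry("LDAP://" + dn.Replace("/", "\\/")))
        {
            string[] wanted = { "displayName", "mail", "department" };
            entry.RefreshCache(wanted);   // fetch just these attributes
            foreach (string name in wanted)
                Console.WriteLine("{0}: {1}", name, entry.Properties[name].Value);
        }
    }
}
```

From an ASP.NET page this would be called as `AdUserLookup.Snapshot(Context.User.Identity.Name)`, with the `Console.WriteLine` replaced by the database write.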