RE: Passing security context to COM object

From: [MSFT]Allen (yweng@online.microsoft.com)
Date: 12/12/02


From: yweng@online.microsoft.com ([MSFT]Allen)
Date: Thu, 12 Dec 2002 10:25:29 GMT


The following is excerpted from the MSDN online documents:

If a Web application needs to access Active Directory, it can use
impersonation in an environment that supports delegation, or it can supply
explicit credentials to the DirectoryEntry constructor in the
System.DirectoryServices namespace. If explicit credentials are used,
applications should store credentials appropriately using a technique such
as COM+ construction strings or using the Windows data protection APIs.

1. Check if the account you specified in the web.config supports delegation.
2. Check the authentication level of the COM+
3. Try supplying explicit credentials like this:

   DirectoryEntry entry = new DirectoryEntry(_path, uid, pwd, AuthenticationTypes.Delegation);

HTH,
-Allen

Disclaimer:
This posting is provided "AS IS" with no warranties, and confers no rights.
Got .Net? http://www.gotdotnet.com

--------------------
| From: "Timothy Vogel" <tvogel@msn.com>
| Subject: Passing security context to COM object
| Date: Wed, 11 Dec 2002 20:08:17 -0500
| Lines: 15
| Message-ID: <uIvDopXoCHA.844@TK2MSFTNGP12>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: adsl-78-199-58.sdf.bellsouth.net 216.78.199.58
| Path: cpmsftngxa09!cpmsftngxa10!tkmsftngp01!TK2MSFTNGP12
|
| I have a web service that works with Active Directory via LDAP,
| System.DirectoryServices namespace and ActiveDs.dll. This web service needs
| the security context of the logged-in user to ensure the user has the
| correct rights to modify the AD object. I have the web site and web.config
| properly set up to pass in the user's identity and have verified it via calls
| to WindowsIdentity.GetCurrent.
|
| The problem is that when I make calls to the DirectoryEntry object and it
| passes those calls to ADSI, the security context is not passed to COM. Any
| suggestions on how to work around this issue?
|
| Thanks in advance,
| Timothy Vogel
|
|
|
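
The two options in the MSDN excerpt, combined as an added example that is not part of the original posts: bind as the caller when the impersonated token can be delegated, otherwise bind with explicit credentials kept in a DPAPI-protected file instead of plaintext in web.config. It assumes .NET Framework 2.0 or later and Integrated Windows (Kerberos) authentication; `AdBinder`, `SecretFile`, its placeholder path and `serviceUser` are hypothetical names.

```csharp
using System;
using System.DirectoryServices;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

public static class AdBinder
{
    // Hypothetical placeholder: blob written once with ProtectedData.Protect
    // while running as the application pool account.
    const string SecretFile = @"C:\path\to\ad-service-secret.bin";
    const AuthenticationTypes Auth =
        AuthenticationTypes.Secure | AuthenticationTypes.Delegation;

    public static DirectoryEntry Bind(string ldapPath, string serviceUser)
    {
        // Under impersonation GetCurrent() returns the caller's token. With
        // Kerberos, only a Delegation-level token survives the second hop
        // from the web server to the domain controller (conservative check).
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            if (id.ImpersonationLevel == TokenImpersonationLevel.Delegation)
                return Verify(new DirectoryEntry(ldapPath, null, null, Auth));
        }

        // Fallback: explicit service credentials. Revert to the process
        // identity first, because CurrentUser-scope DPAPI keys belong to the
        // account that protected the blob, not to the impersonated caller.
        byte[] clear;
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
            clear = ProtectedData.Unprotect(File.ReadAllBytes(SecretFile),
                                            null, DataProtectionScope.CurrentUser);
        try
        {
            string pwd = Encoding.UTF8.GetString(clear);
            return Verify(new DirectoryEntry(ldapPath, serviceUser, pwd, Auth));
        }
        finally { Array.Clear(clear, 0, clear.Length); } // wipe decrypted bytes
    }

    static DirectoryEntry Verify(DirectoryEntry entry)
    {
        // The constructor never contacts the directory; reading NativeObject
        // forces the ADSI bind so a failed hop or bad password surfaces here.
        try { object bound = entry.NativeObject; return entry; }
        catch (COMException) { entry.Dispose(); throw; }
    }
}
```

A bind made through the fallback path runs with the service account's rights, so the caller's permission to modify the AD object has to be checked by the application before any write.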


