Re: Active Directory and asp.net....

From: Jim (ssss)
Date: 05/27/03 

Date: Tue, 27 May 2003 14:05:13 +0100

So how would I update an AD node that represents a user from another AD node
that represents my domain adminstrator?

Cheers

Jim

"Shaun Austin" <ms_newsgroup@racefans.freeserve.co.uk> wrote in message
news:2ba001c3244a$b01c9970$a001280a@phx.gbl...
> If I remeber rightly when you query for a node in AD you
> can supply a username and password as parameters then any
> access to that node and any you retrieve from under it are
> accessed in that user's context...
>
> I did this a while ago but I don't have the code now as I
> am working with a different client!
>
> Shaun
>
> >-----Original Message-----
> >This is what I am doing already but it does not want to
> work from asp.net,
> >any ideas?
> >
> >Cheers
> >
> >Jim
> >
> >
> >"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in
> message
> >news:ueUFTHEJDHA.2152@TK2MSFTNGP10.phx.gbl...
> >> Jup. Actualy if you enable impersonation on forms
> authentication, then you
> >> application will run under IUSR_..... account because
> impersonation
> >> impersonates IIS account. I would like to point you to
> an QArticle that
> >> shows sample on how to use LogonUser API in your
> ASP.NET application
> >> http://support.microsoft.com/default.aspx?scid=306158
> >> I was just starting to write the code, when this
> QArticle poped-up :-))
> >>
> >> Regards
> >>
> >> Matjaz Ladava
> >>
> >> "Jim" <ssss> wrote in message
> >news:uZnmj6DJDHA.3604@tk2msftngp13.phx.gbl...
> >> > So you are saying is that inside my asp.net api call
> out to the win32
> >> > LogonUser api to change the current user from the
> default asp account to
> >> my
> >> > special account designed only to have 'domain admin'
> rights.
> >> >
> >> > So this is a kinda impersonation using win32 api
> calls....
> >> >
> >> > Jim
> >> >
> >> >
> >> >
> >> > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in
> message
> >> > news:#N$9ryDJDHA.3056@tk2msftngp13.phx.gbl...
> >> > > Impersonation works only on Windows authentication,
> so it has no
> >affect
> >> on
> >> > > Forms authentication. What you can do is, to use
> diferent acount for
> >ASP
> >> > > worker process (with admin rightd), but this is
> quite dangerous
> >(running
> >> > web
> >> > > site under domain admin). Another aproach would be
> to use LogonUser
> >Api,
> >> > to
> >> > > temporary switch application thread to another user.
> >> > >
> >> > > Regards
> >> > >
> >> > > Matjaz Ladava
> >> > >
> >> > > "Jim" <ssss> wrote in message
> >> news:eRXyacDJDHA.700@TK2MSFTNGP10.phx.gbl...
> >> > > > I have a web service that is doing user
> authentication and
> >management,
> >> > > > internally it is using active directory to store
> the user accounts,
> >> this
> >> > > is
> >> > > > accessed through the System.DirectoryServices
> namespace in C#. I use
> >> > > > imperonsation to modify the user accounts, i.e. I
> impersonate a
> >> 'Domain
> >> > > > Adminstrator' account and modify the user
> properties as required.
> >> > > >
> >> > > > When I test this from a desktop or console
> application it works
> >> > perfectly
> >> > > > fine, but when my web service is used from an
> asp.net application I
> >am
> >> > > > unable to modify user properties. The asp.net
> application is using
> >> forms
> >> > > > authentication which uses this web service to
> authenticate, what do
> >I
> >> > have
> >> > > > to modify in the asp.net application to get
> imperonsation working
> >> > > correctly
> >> > > > for my web service?
> >> > > >
> >> > > > Cheers
> >> > > >
> >> > > > Jim
> >> > > >
> >> > > >
> >> > >
> >> > >
> >> >
> >> >
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • Re: How to use WindowsPrincipal properly??
    ... the administrators in the computer e.g. win2k ... I am basically confused with the role base authentication and the ... impersonation, not sure what exactly is the difference. ... > string ONLY returns the string "Administrator", ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: System.IO.Directoryinfo throwing exception
    ... With basic authentication and impersonation you need to ... use a domain account which can delegate and you can check how to mark your ... ASP.NET MVP ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Access denied ( From one site to another, that is in another server)
    ... server. ... you can implement impersonation through code and revert ... This posting is provided "AS IS", with no warranties, and confers no rights. ... | Integrated Authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: localhost vs. macinename in URL (access denied)
    ... Impersonation with Integrated Authentication will work if you are accessing ... a resource on the same machine. ... being delegated to allow delegation or change the computer account to allow ...
    (microsoft.public.dotnet.security)
  • Re: IIS Folder and file security. Impersonation does not work.
    ... Custom URL navigation. ... First -- what you want to do does NOT need the impersonation DLL at all. ... Second -- you are muddling HTML and IIS concepts together and hoping for the ... Now, with IIS6, we have a custom authentication sample ISAPI that should ...
    (microsoft.public.inetserver.iis)