Re: DirectoryEntry Impersonate or WindowsIdentity Impersonate?
From: Bill Belliveau (anonymous_at_discussions.microsoft.com)
Date: Fri, 30 Jan 2004 15:26:09 -0800
After kicking this around for a few days the only thing I'm wondering about is security. When calling DirectoryEntry(path, username, password) does it access resources in a secure context? I assume it probably does something like LogonUser, get a token and then accesses the directory. Although as I'm finding out with ADAM, when using a userProxy object user credentials are sent plain text.
In anycase, I think we've concluded that given the state of the project LogonUser is going to be more viable to impliment at this point.
----- Joe Kaplan (MVP - ADSI) wrote: -----
This is an interesting question that I think can only be answered with
testing. I'm not sure it makes any difference at all if you are using
AuthenticationTypes.Secure, but it would be interesting to know.
There are a few things to know though:
The underlying ADSI layer will use a cached handle to the directory if an
open object exists in memory with the server, credentials and flags.
Therefore, if you are doing a lot of binds with the same credentials, it
might make sense to try to hang on to a root object for that user until they
are finished. This is detailed somewhat here:
One the other hand, if you are doing just a few binds for each user, I would
be surprised if it makes an difference.
My instinct is to use the user's credentials if you have them as I have
found it to be much easier to debug problems in that situation because it
eliminates a big variable. That is what I have done in many of my . NET AD