Re: User Authentication, Active Directory and more (help)
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/21/04
Date: Mon, 21 Jun 2004 09:12:23 -0500

When you are using Windows authentication in IIS and ASP.NET, the roles in
the IPrincipal that gets created will be Windows groups, so they will be of
the form Domain\Group Name.

In order to make sure you are using Windows authentication in IIS, you must
disable anonymous access and enable Basic, Digest or Integrated
authentication. Don't use Basic without SSL or you will be passing
credentials in plain text over the network. In ASP.NET, you need to make
sure the authentication tag in web.config is set to Windows (which is the
default).

In order to authenticate users in Active Directory, the IIS server must be a
member of the Active Directory domain.

If you want to build your own authentication scheme using
System.DirectoryServices or something, then you will also be responsible for
building the IPrincipal object that contains the user's roles. This sample
of Forms authentication with System.DirectoryServices is an okay starting
point.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

HTH,
Joe K.

"Timothy Parez" <tpsoftware@users.sourceforge.net> wrote in message
news:40D67AC6.7030502@users.sourceforge.net...
> Hey,
>
> Thnx for all the information.
>
> I would like to ask you for some more help :)
>
> I tried using the following in my web.config file but it doesn't really work
>
> <system.web>
>   <authentication mode="Windows"/>
>   <authorization>
>     <allow roles="Admins" />
>     <deny users="*" />
>   </authorization>
> </system.web>
>
> I have also played with these values, but either I get a logon screen
> but I can never logon, or I don't get a logon screen and get a page that
> I'm not authorized to view that page right away.
>
> In any case I don't think this will be the best option for me.
>
> Using the DirectoryServices namespace, can I take a username and
> password and validate it against the AD from my code
>
> ie. is there something like (I know seems stupid but I must ask)
>
> if (User.Authenticate("username","password"))
> {
>     MessageBox.Show("Welcome");
> }
> else
> {
>     MessageBox.Show("Try again m8");
> }
>
> This would be a lot better than the logon provided by ASP.NET (more
> compatible and usable in code)
>
> Thnx for your help.
>
> Timothy.
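
The two steps discussed in this thread (check a user name and password against Active Directory from code, then build the IPrincipal that carries the user's roles), as an added example that is not code from either poster or from KB 326340. It assumes .NET 3.5 or later, whose System.DirectoryServices.AccountManagement namespace is newer than this thread; `AdLogin` and its parameters are hypothetical names.

```csharp
// Added example, not code from the thread or from KB 326340.
// Assumes .NET 3.5+ (System.DirectoryServices.AccountManagement) and a
// web server that can reach a domain controller for the given domain.
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class AdLogin   // hypothetical helper name
{
    // Returns an IPrincipal whose roles are Domain\Group names, or null
    // when the credentials are rejected. Directory outages throw, so a
    // failure to reach the domain never results in a logged-on user.
    public static IPrincipal Authenticate(string domain, string userName, string password)
    {
        // Reject empty input before touching the directory.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null;

        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        {
            // Negotiate with signing and sealing keeps the password out of
            // a clear-text simple bind.
            const ContextOptions opts =
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
            if (!ctx.ValidateCredentials(userName, password, opts))
                return null;

            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, userName))
            {
                if (user == null) return null;
                var roles = new List<string>();
                // Security groups, nested ones included, read with the
                // identity the web application itself runs under.
                using (var groups = user.GetAuthorizationGroups())
                {
                    foreach (Principal g in groups)
                    {
                        if (g.Sid == null) continue;
                        try { roles.Add(g.Sid.Translate(typeof(NTAccount)).Value); }
                        catch (IdentityNotMappedException) { } // unresolvable SID: skip
                    }
                }
                var identity = new GenericIdentity(domain + "\\" + userName, "ActiveDirectory");
                return new GenericPrincipal(identity, roles.ToArray());
            }
        }
    }
}
```

With Forms authentication the returned principal does not persist between requests, so it has to be rebuilt and assigned to the request's user on each request (for example in Application_AuthenticateRequest).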