Re: Query AD using Integrated Authentication?
From: HG (hg_at_nospam.websolver.dk)
Date: 07/30/04
- Next message: darsin: "Sessions"
- Previous message: dl: "DirectoryServices Namespace"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Query AD using Integrated Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 14:15:18 +0200
Hi Joe..
Yep, .NET indeed gives you a lot of options. :-)
Thanx for your reply.
I will use the explicit credentials then.
Regards
Henrik
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> skrev i
en meddelelse news:%23nAajdXdEHA.644@tk2msftngp13.phx.gbl...
> You can definitely use a fixed account to query AD. You can do that by
> specifying explicit credentials in your DirectoryEntry binds or by
changing
> the identity of the process or impersonated account to the appropriate
> domain account. You can also put all your S.DS code in a COM+ component
and
> set it up with its own identity, so you have a LOT of options, must like
you
> do with SQL server. I can provide more specific samples if you need them,
> or you can probably dig them up with a Google groups search.
>
> The original question had to do with why impersonation wasn't working in a
> machine hopping scenario, in which case the answer was related to Kerberos
> delegation.
>
> Joe K.
>
> "HG" <hg@nospam.websolver.dk> wrote in message
> news:eGU4E8TdEHA.2544@TK2MSFTNGP10.phx.gbl...
> > Hi there
> >
> > Couldn't help myself... I am having a similar problem..
> >
> > The article that Joe refers to, says that you have to change browser
> > settings (Enable Integrated Authentication), that is, each of the
browser
> > clients. I do not know if this is a viable option for me.
> >
> > However.
> >
> > I use Integrated Authentication up until IIS, so far so good...The
problem
> > arises when you want to contact other servers/services as for example an
> > Active Directory. Is this correct?
> >
> > Isn't it possible to user a fixed user account to query the AD, and
> thereby
> > NO need to setup browsers for IA, say:
> > Use IA up until IIS (IA + impersonate, no anonymous), in you ASP.NET
page
> > autheticate to the AD by using a predefined user, retrieve the settings
> you
> > want (fx. the full name of the user), and process the ASP.NET page
> further.
> > Is this possible?
> >
> > Must be, because how does IIS handle connections to MSSQL?
> >
> > Anyone..Please
> >
> > Best regards
> >
> > Henrik
> >
> >
>
>
- Next message: darsin: "Sessions"
- Previous message: dl: "DirectoryServices Namespace"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Query AD using Integrated Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
