RE: Accessing ActiveDirectory through LDAP with .NET
From: RBrady (RBrady_at_discussions.microsoft.com)
Date: Wed, 4 May 2005 10:30:02 -0700
How about this scenario:
1. At the client's network, add a web server (running IIS) and add the
appropriate DNS entries to expose [http://example.timsclient.corp]. I'll
assume you know the rest of adding another IP to the box and creating a new
web site, assigning the IP to that site......
2. Create a web service that takes the user credentials as params and
authenticates against the AD.
3. Consume this web service in your app at the datacenter.
This should also allow future apps written in whatever to access the
centralized authentication web service.
In my last job, my employer dictated that we would use PKI...we used a
similar design to incorporate authentication in multiple apps written in Java
"Tim Mavers" wrote:
> I am trying to determine the best way I can authenticate against an
> ActiveDirectory using LDAP with .NET. I need to use LDAP because I need to
> authenticate across the Internet.
> Right now I have code that authenticates (e.g. I pass username/password to
> it) via NTLM but the problem is I am accessing this via a domain user
> account that has access to the domain controller (e.g. it's the account that
> IIS is running under).
> Obviously this doesn't work over the Internet and the only temporary
> solution is for my client to set up a VPN and have a trust relationship,
> which is really not something they want to do.
> I read somewhere (brief blurb) that I could access this information via
> Essentially I am building sort of a single-sign on application where the
> user enters their name/password in my app and it is authenticated against an
> ActiveDirectory instance.
> Any ideas on how I can do this in a secure manner over the Internet without
> the need for a VPN?
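
The credential check that the web service in step 2 of the reply would perform, as an added example that is not part of the original thread. The class name, host name and UPN format are hypothetical; it assumes the domain controller offers LDAPS on port 636 with a certificate the web server trusts, and that the service itself is only reachable over HTTPS.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper called by the web-service method that receives the credentials.
public sealed class AdCredentialValidator
{
    private const int LdapInvalidCredentials = 49; // LDAP result code for a failed bind
    private readonly string _ldapsHost;            // placeholder, e.g. "dc01.example.internal"

    public AdCredentialValidator(string ldapsHost)
    {
        _ldapsHost = ldapsHost;
    }

    // userPrincipalName is expected in the form user@domain (assumption of this example).
    public bool Validate(string userPrincipalName, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind and can
        // "succeed" without proving anything, so reject it before contacting the DC.
        if (string.IsNullOrEmpty(userPrincipalName) || string.IsNullOrEmpty(password))
            return false;

        var server = new LdapDirectoryIdentifier(_ldapsHost, 636);
        using (var connection = new LdapConnection(server))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            // Simple bind sends the password itself, so the session must be TLS-protected.
            connection.SessionOptions.SecureSocketLayer = true;
            connection.AuthType = AuthType.Basic;
            connection.Credential = new NetworkCredential(userPrincipalName, password);
            try
            {
                connection.Bind(); // throws LdapException if the DC rejects the bind
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                // Wrong password, unknown user, locked or disabled account: report
                // them all the same way so the caller cannot enumerate accounts.
                return false;
            }
            // Any other LdapException (server unreachable, TLS failure) propagates,
            // so an outage is never mistaken for a failed or successful login.
        }
    }
}
```

Because every attempt reaches the domain controller as a real bind, the account lockout policy in the directory applies to callers of the service; rate limiting and logging of failures belong in the service in front of this check.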