RE: Accessing ActiveDirectory through LDAP with .NET

From: RBrady (RBrady_at_discussions.microsoft.com)
Date: 05/04/05


Date: Wed, 4 May 2005 10:30:02 -0700

Tim,

How about this scenario:

1. At the client's network, add a web server (running IIS) and add the
appropriate DNS entries to expose [http://example.timsclient.corp]. I'll
assume you know the rest of adding another IP to the box and creating a new
web site, assigning the IP to that site......

2. Create a web service that takes the user credentials as params and
authenticates against the AD.

3. Consume this web service in your app at the datacenter.

This should also allow future apps written in whatever to access the
centralized authentication web service.

In my last job, my employer dictated that we would use PKI...we used a
similar design to incorporate authentication in multiple apps written in Java
and ASP.Net....

Ryan

"Tim Mavers" wrote:

> I am trying to determine the best way I can authenticate against an
> ActiveDirectory using LDAP with .NET. I need to use LDAP because I need to
> authenticate across the Internet.
>
> Right now I have code that authenticates (e.g. I pass username/password to
> it) via NTLM but the problem is I am accessing this via a domain user
> account that has access to the domain controller (e.g. it's the account that
> IIS is running under).
>
> Obviously this doesn't work over the Internet and the only temporary
> solution is for my client to set up a VPN and have a trust relationship,
> which is really not something they want to do.
>
> I read somewhere (brief blurb) that I could access this information via
> LDAP.
>
> Essentially I am building sort of a single-sign on application where the
> user enters their name/password in my app and it is authenticated against an
> ActiveDirectory instance.
>
> Any ideas on how I can do this in a secure manner over the Internet without
> the need for a VPN?
>
> Thanks,
>
>
>
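An added example, not part of the original post or the poster's code: a minimal C# sketch of the credential check that the web service in step 2 would perform, using `System.DirectoryServices.Protocols`. The host name `dc01.timsclient.corp` is a placeholder, and the sketch assumes the domain controller accepts LDAPS on port 636 and that the web service itself is published over HTTPS, since it receives passwords as parameters.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example: hypothetical core of the credential-checking web service.
public static class AdAuthenticator
{
    // Assumption: placeholder domain controller name; 636 is the LDAPS port.
    const string DomainController = "dc01.timsclient.corp";
    const int LdapsPort = 636;
    const int InvalidCredentials = 49; // LDAP result code invalidCredentials

    public static bool Authenticate(string userPrincipalName, string password)
    {
        // An LDAP simple bind with an empty password is an unauthenticated
        // bind and can succeed, so reject it before contacting the directory.
        if (string.IsNullOrWhiteSpace(userPrincipalName) || string.IsNullOrEmpty(password))
            return false;

        var server = new LdapDirectoryIdentifier(DomainController, LdapsPort);
        using (var connection = new LdapConnection(server))
        {
            connection.AuthType = AuthType.Basic;               // simple bind, sent only inside TLS
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // LDAPS; server certificate is validated
            connection.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                connection.Bind(new NetworkCredential(userPrincipalName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == InvalidCredentials)
            {
                return false; // wrong user name or password
            }
            // Other LdapException values (server unreachable, TLS failure)
            // propagate so the caller can tell an outage from a rejected login.
        }
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: adauth user@domain"); return; }
        Console.Write("Password: ");
        string password = Console.ReadLine();
        Console.WriteLine(Authenticate(args[0], password) ? "accepted" : "rejected");
    }
}
```

The web method wrapping `Authenticate` should return only a yes/no result and never log the password parameter.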


