Re: form authetication?
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/12/05
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Custom authentication"
- Previous message: casper: "Custom authentication"
- In reply to: dl: "Re: form authetication?"
- Next in thread: dl: "Re: form authetication?"
- Reply: dl: "Re: form authetication?"
- Reply: dl: "Re: form authetication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 May 2005 09:27:41 -0500
There are 4 possible username formats for an AD bind with DirectoryEntry
NT Account Name (domain\user)
userPrincipalName (user@domain.com, whatever is in the userPrincipalName
attribute)
plain username (whatever is in the sAMAccountName attribute)
distinguishedName
The first 2 can be used with any binding flags. The 3rd one can only be
used with AuthenticationTypes.Secure. The 4th one can only be used if
AuthenticationTypes.Secure is NOT specified.
I'd recommend you use AuthenticationTypes.Secure if you can, as it prevents
your credentials from going on the wire in plain text.
You can use NativeObject to force the bind. This is probably the fastest as
it doesn't load the property cache, so I'd recommend that.
HTH,
Joe K.
<dl> wrote in message news:%23giSc4nVFHA.2172@tk2msftngp13.phx.gbl...
> Hi Joe
> Yes, I am using DirectoryEntry to bind but just to the NativeObject to
> force
> authentication, I couldn't find any code sample showing with
> AuthenticationType, is this the one that would imply which logon name to
> use? Can you show me some code sample please?
>
> Would it make any difference if I bind with NativeGUID?
>
> By the way, thanks for your advise on my other thread.
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eS3YKwlVFHA.3140@TK2MSFTNGP14.phx.gbl...
>> It depends on how you coded it.
>>
>> Are you using a DirectoryEntry to bind to AD to authenticate the user?
>> In
>> that case, the username syntax depends on the binding flags
>> (AuthenticationTypes) you specify.
>>
>> The NT logon name (domain\user, where user is the sAMAccountName
>> attribute
>> in AD) and the UserPrincipalName syntax (userPrincipalName attribute from
>> AD) will work in both simple and secure binds, so they are the most
>> flexible.
>>
>> Joe K.
>>
>> <dl> wrote in message news:uPexJagVFHA.4028@TK2MSFTNGP10.phx.gbl...
>> > Hi
>> > Can anyone tell me which logon name (is NON "pre-Windows 2000" or the
>> > "pre-Windows2000") is used for form authentication? Mine seems to work
> for
>> > either one?! anyway to restrict that to just the NON "pre-Windows2000"
>> > one?
>> >
>> > Also, I understand there is something called impersonation, can> >
> impersonation be used with form authentication?
>> >
>> > TIA
>> >
>> > --
>> >
>> >
>
>> >
>>
>>
>
>
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Custom authentication"
- Previous message: casper: "Custom authentication"
- In reply to: dl: "Re: form authetication?"
- Next in thread: dl: "Re: form authetication?"
- Reply: dl: "Re: form authetication?"
- Reply: dl: "Re: form authetication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
