Re: form authetication?
dl
Date: 05/12/05
- Previous message: Brock Allen: "Re: Problem with setauthcookie"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 May 2005 23:53:11 +0800
Hi Joe
I just tried with the new syntax, it would still let me get by with either
userPrincipalName or the sAMAccountName. Does the path make any difference?
I have been using LDAP://dc=xxx, dc=com
TIA
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OSR2F7vVFHA.2328@TK2MSFTNGP10.phx.gbl...
> There are 4 possible username formats for an AD bind with DirectoryEntry
> NT Account Name (domain\user)
> userPrincipalName (user@domain.com, whatever is in the userPrincipalName
> attribute)
> plain username (whatever is in the sAMAccountName attribute)
> distinguishedName
>
> The first 2 can be used with any binding flags. The 3rd one can only be
> used with AuthenticationTypes.Secure. The 4th one can only be used if
> AuthenticationTypes.Secure is NOT specified.
>
> I'd recommend you use AuthenticationTypes.Secure if you can, as it
prevents
> your credentials from going on the wire in plain text.
>
> You can use NativeObject to force the bind. This is probably the fastest
as
> it doesn't load the property cache, so I'd recommend that.
>
> HTH,
>
> Joe K.
>
> <dl> wrote in message news:%23giSc4nVFHA.2172@tk2msftngp13.phx.gbl...
> > Hi Joe
> > Yes, I am using DirectoryEntry to bind but just to the NativeObject to
> > force
> > authentication, I couldn't find any code sample showing with
> > AuthenticationType, is this the one that would imply which logon name to
> > use? Can you show me some code sample please?
> >
> > Would it make any difference if I bind with NativeGUID?
> >
> > By the way, thanks for your advise on my other thread.
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
wrote
> > in message news:eS3YKwlVFHA.3140@TK2MSFTNGP14.phx.gbl...
> >> It depends on how you coded it.
> >>
> >> Are you using a DirectoryEntry to bind to AD to authenticate the user?
> >> In
> >> that case, the username syntax depends on the binding flags
> >> (AuthenticationTypes) you specify.
> >>
> >> The NT logon name (domain\user, where user is the sAMAccountName
> >> attribute
> >> in AD) and the UserPrincipalName syntax (userPrincipalName attribute
from
> >> AD) will work in both simple and secure binds, so they are the most
> >> flexible.
> >>
> >> Joe K.
> >>
> >> <dl> wrote in message news:uPexJagVFHA.4028@TK2MSFTNGP10.phx.gbl...
> >> > Hi
> >> > Can anyone tell me which logon name (is NON "pre-Windows 2000" or the
> >> > "pre-Windows2000") is used for form authentication? Mine seems to
work
> > for
> >> > either one?! anyway to restrict that to just the NON
"pre-Windows2000"
> >> > one?
> >> >
> >> > Also, I understand there is something called impersonation, can> >
> > impersonation be used with form authentication?
> >> >
> >> > TIA
> >> >
> >> > --
> >> >
> >> >
> >
> >> >
> >>
> >>
> >
> >
>
>
- Previous message: Brock Allen: "Re: Problem with setauthcookie"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: form authetication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
