Re: determine trusted domain with windows authentication

From: "Jerry N" <starfire@xxxxxxxxxxxxxxxx>
Date: Sun, 9 Jul 2006 09:23:13 -0500

Thanks, I thought it was created using tokens but the domain name is still
determined by a [system admin] user. Can I get determine if the security
token came from a trusted domain? How many 'WORKGROUP' or 'MSHOME'
workgroups/domains are there?

Jerry

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:uRNrH2roGHA.220@xxxxxxxxxxxxxxxxxxxxxxx
The domain name in the user name is formed by Windows authentication based
on how Windows translates the user's SID into an NT-format name, not by
input data, so you don't need to worry about it being spoofed by the user.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jerry N" <starfire@xxxxxxxxxxxxxxxx> wrote in message
news:enP6hzjoGHA.4776@xxxxxxxxxxxxxxxxxxxxxxx

I am planning on using Windows authentication for a web page. I've added
these lines to my web.config file:

<identity impersonate="true"/>
<authentication mode="Windows" />

And I can view the name with:

void Page_Load(object sender, EventArgs e) {
if(User.Identity.IsAuthenticated ) {
lblIdentity.Text = "The current user is " + User.Identity.Name;
} else {
lblIdentity.Text = "The current user is not authenticated.";
}
}

So my question is, how can I authenticate the "Domain" from the
User.Identity.Name property? I was going to split the "Domain\Username"
value to get the domain name but I don't want a remote Windows client to
spoof the domain name. I also hoping to avoid hardcoding the valid domain
names and use Active Directory to validate them.

Any ideas?

Thanks,
Jerry N

Follow-Ups:
- Re: determine trusted domain with windows authentication
  - From: Joe Kaplan \(MVP - ADSI\)

References:
- determine trusted domain with windows authentication
  - From: Jerry N
- Re: determine trusted domain with windows authentication
  - From: Joe Kaplan \(MVP - ADSI\)

Prev by Date: Re: How to deploy ASP.Net applications
Next by Date: Re: determine trusted domain with windows authentication
Previous by thread: Re: determine trusted domain with windows authentication
Next by thread: Re: determine trusted domain with windows authentication
Index(es):
- Date
- Thread

Relevant Pages

Re: Error setting DirecotrySearchers new ExtendedDN
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server ... error when my code reaches "using (SearchResultCollection results = ...
(microsoft.public.platformsdk.security)
Re: Single sign-on between web & desktop
... Can you use integrated windows authentication for this? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The desktop app is ...
(microsoft.public.dotnet.security)
Re: Can groups be entered in the authorization tab?
... using the name that Windows uses to do the match, so you don't get a valid ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... intra net site internally. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Light directory service and ADAM
... ADAM is not a store for Windows accounts. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
RE: Vista group policy, 2003 server...help ?
... Windows accomplishes this by using two ... access tokens for each user: ... limited and elevated tokens are mostly identical, ... The script actually works and maps the drive. ...
(microsoft.public.windows.server.general)