Re: determine trusted domain with windows authentication



Windows authentication will only authenticate users it trusts. That would
mean that only local machine users, users in the machine's domain and users
in trusted domains will be authenticated.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jerry N" <starfire@xxxxxxxxxxxxxxxx> wrote in message
news:OR2JzM2oGHA.1140@xxxxxxxxxxxxxxxxxxxxxxx
Thanks, I thought it was created using tokens but the domain name is still
determined by a [system admin] user. Can I determine if the security
token came from a trusted domain? How many 'WORKGROUP' or 'MSHOME'
workgroups/domains are there?

Jerry

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:uRNrH2roGHA.220@xxxxxxxxxxxxxxxxxxxxxxx
The domain name in the user name is formed by Windows authentication based
on how Windows translates the user's SID into an NT-format name, not by
input data, so you don't need to worry about it being spoofed by the user.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Jerry N" <starfire@xxxxxxxxxxxxxxxx> wrote in message
news:enP6hzjoGHA.4776@xxxxxxxxxxxxxxxxxxxxxxx
I am planning on using Windows authentication for a web page. I've added
these lines to my web.config file:

<identity impersonate="true"/>
<authentication mode="Windows" />

And I can view the name with:

void Page_Load(object sender, EventArgs e) {
    if (User.Identity.IsAuthenticated) {
        lblIdentity.Text = "The current user is " + User.Identity.Name;
    } else {
        lblIdentity.Text = "The current user is not authenticated.";
    }
}

So my question is, how can I authenticate the "Domain" from the
User.Identity.Name property? I was going to split the "Domain\Username"
value to get the domain name but I don't want a remote Windows client to
spoof the domain name. I am also hoping to avoid hardcoding the valid
domain names and use Active Directory to validate them.

Any ideas?

Thanks,
Jerry N
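
Added example, not part of the original thread: one way to tell where an authenticated account comes from by comparing SIDs instead of trusting the text before the backslash. The names AccountOrigin, AccountOriginCheck, GetMachineDomainSid and Classify are hypothetical, and the code assumes the server is joined to a domain.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

// Hypothetical helper types, not from the thread.
public enum AccountOrigin { NotAnAccount, MachineDomain, LocalMachine, TrustedDomain }

public static class AccountOriginCheck
{
    // Reads the SID of the domain this server is joined to from the domain object.
    // Assumption: the caller runs under an identity that can bind to the directory.
    // With <identity impersonate="true"/> that is the browser user, so the bind is
    // a second hop and needs delegation; otherwise read the SID once at startup.
    public static SecurityIdentifier GetMachineDomainSid()
    {
        using (Domain domain = Domain.GetComputerDomain())
        using (DirectoryEntry entry = domain.GetDirectoryEntry())
        {
            byte[] raw = (byte[])entry.Properties["objectSid"].Value;
            return new SecurityIdentifier(raw, 0);
        }
    }

    public static AccountOrigin Classify(WindowsIdentity identity,
                                         SecurityIdentifier machineDomainSid)
    {
        // AccountDomainSid is null for well-known SIDs such as LocalSystem.
        SecurityIdentifier userSid = identity.User;
        SecurityIdentifier domainSid = userSid == null ? null : userSid.AccountDomainSid;
        if (domainSid == null) return AccountOrigin.NotAnAccount;

        // Domain SIDs are unique, unlike names such as WORKGROUP or MSHOME.
        if (domainSid.Equals(machineDomainSid)) return AccountOrigin.MachineDomain;

        // identity.Name is built by Windows from the SID, not from client input.
        string name = identity.Name;
        int slash = name.IndexOf('\\');
        string prefix = slash > 0 ? name.Substring(0, slash) : string.Empty;
        if (string.Equals(prefix, Environment.MachineName,
                          StringComparison.OrdinalIgnoreCase))
            return AccountOrigin.LocalMachine;

        // Windows authenticated the user, so per the reply at the top of the
        // thread the remaining case is an account from a trusted domain.
        return AccountOrigin.TrustedDomain;
    }
}
```

In Page_Load this would be called as AccountOriginCheck.Classify((WindowsIdentity)User.Identity, machineDomainSid) after checking User.Identity.IsAuthenticated.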







