Re: WindowsTokenRoleProvider & Domain Groups

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Feb 2007 09:26:35 -0600

I responded in another place in the thread, but you really don't need to do
this. If you are using Windows auth in IIS/ASP.NET, you don't need the
membership provider or the role provider. Just let Windows check the
credentials and let ASP.NET build you a token and a WindowsPrincipal that
will automatically be placed in Context.User.

If you need to look up additional attributes in AD, then the
DirectorySearcher will be needed.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:50DB92BF-C363-4740-8B72-6E7617048432@xxxxxxxxxxxxxxxx

I'm sorry. My mistake, I was using the ActiveDirectoryMembershipProvider
simply to validate the user's credentials. Then, once I knew the username
and
password were valid I was using the DirectoryEntry & DirectorySearcher to
get
information about the user. That's what I get for posting just as I'm
trying
to leave the office.

I am using Windows authentication. My web.config contains:

<authentication mode="Windows" />

And the Directory Security for the vdir is set up such that the only
option
checked is Integrated Windows authentication.

"Joe Kaplan" wrote:

Out of curiosity, how are you getting a Windows token for the logged on
user
when you are using the ActiveDirectoryMembershipProvider? Normally, you
get
a Windows token when you use Windows authentication.

References:
- Re: WindowsTokenRoleProvider & Domain Groups
  - From: Joe Kaplan
- Re: WindowsTokenRoleProvider & Domain Groups
  - From: Joe Kaplan
- Re: WindowsTokenRoleProvider & Domain Groups
  - From: Joe Kaplan

Prev by Date: Re: WindowsTokenRoleProvider & Domain Groups
Next by Date: Re: Create a role and check it
Previous by thread: Re: WindowsTokenRoleProvider & Domain Groups
Next by thread: Re: WindowsTokenRoleProvider & Domain Groups
Index(es):
- Date
- Thread

Relevant Pages

Re: Kerberos authentication NOT in AD
... username and password and authenticate it against your Kerb realm. ... If you can get some Windows code that can ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.security)
Re: role/group authorization not recognizing user groups.
... If your app is using Windows security in IIS and web.config, ... authenticated user should be a WindowsPrincipal. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: LDAP for Windows XP
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You can't authenticate local machine users with LDAP. ... like to retrieve the windows XP user ID and Password to compare it ...
(microsoft.public.dotnet.security)
Re: General questions about LDAP, GC and access permissions
... Windows Communication Foundation) they are authenticated with the regular ... this is done by examing what groups the user is a member of. ... Since the regular windows authentication is used, ... trusted domain in an external forest. ...
(microsoft.public.windows.server.active_directory)
Re: determine trusted domain with windows authentication
... The domain name in the user name is formed by Windows authentication based ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.framework.aspnet.security)