Re: WindowsTokenRoleProvider & Domain Groups

Also, regarding the DLGs, it occurs to me to ask whether or not the groups
in question are actually security-enabled and also make sure the domain
isn't in Win2K mixed mode (instead of native mode). You won't get DLGs in
your access token unless the groups are security enabled and the domain in
2K native or higher.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:098A37F5-DAA2-4143-88CC-87DF25476175@xxxxxxxxxxxxxxxx
Yeah, I found that GetDirectoryEntry method about ten minutes after my
last
post. It's been a learning experience. :-)

Extra information is always helpful. Eventually it sinks in, even if I
don't
get it initially.

ADFS = Active Directory Federated Services?
SSO = Single Sign-On?

I really appreciate all the assistance. You provide enough information so
as
not to completely frustrate the reader but leave enough for the reader to
figure out on their own so it's still fun. That's a tough line to walk.
Thanks.

"Joe Kaplan" wrote:

The easiest way to get a DirectoryEntry from a SearchResult is just to
call
GetDirectoryEntry. That's what I'd do.

Anyway, I hope this extra explanation is helpful and not distracting. :)

One other advantage to coding to the membership APIs is that it gives you
the ability to use ADFS as another way to sign into the application in
the
future. This gives you a reasonable way to sell your app in the ASP
model
where you host it yourself on the public internet and provide SSO back to
your clients. Your clients could also use this for SSO internally if
they
are using ADFS.



.

Relevant Pages

  • Re: AD Domain Trust is unsafe!
    ... I will say that ADFS IS a good solution for doing some types of integration ... using it now are already integrated via Windows security. ... tell you whether or not you are taking risks with the trust. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cold Fusion SSO and File Access
    ... SSO is private to the CF application, ... > I am a security engineer who just completed an Cold ... The web server is obviously IIS. ... > authenticate to the windows server. ...
    (microsoft.public.inetserver.iis.security)
  • SSO Tru64
    ... Tru64 and using SSO would have? ... Local School District that is privileged, ... exclusive property of the intended recipient or the Lakota Local School ... We are currently running enhanced security but are contemplating using ...
    (Tru64-UNIX-Managers)