Re: Problem establishing SSL connection in code-behind



On Jan 7, 4:48 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
You call LogonUser on the local machine to validate a user's plaintext
credentials and create a logon token for them that can be used to start
processes, impersonate or perform security checks. To call it, the user in
question must actually be able to perform the requested logon type on the
current machine. Therefore, to authenticate AD users on the web server, the
web server would need to be in a domain in the same AD forest or in a
trusted domain. If that isn't the case, then LDAP may be a better way to
go.

I don't understand why you need to log on to a remote machine. What remote
machine do you need to log on to? From what I understood, it sounded like
you were only logging on to the remote IIS machine as a means to validate
the user's credentials.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net
--

Thanks. Yes, exactly, we do this only as a means of authentication.
I suggested accessing the AD directly to authenticate the users, but I
was told that we do not have direct access to the AD.

Pasted below is the 540 logon/logoff event log. Does this help? I
tried converting my C# code to VB code and it seems that it works
now. But I do not understand why the choice of a language matters in
this case. Is it possible that there are some differences between the
libraries (especially those which have to do with security development) of
C# and VB?

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 1/7/2008
Time: 7:17:44 PM
User: MYCOMPANY.COM\MY-COMPUTER-NAME$
Computer: MY-COMPUTER-NAME
Description:
Successful Network Logon:
User Name: MY-COMPUTER-NAME$
Domain: MYCOMPANY.COM
Logon ID: (0x0,0xA12E990)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {63ef2b34-31db-a736-de0e-3d6877344386}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.18.46
Source Port: 0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
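
Added example, not part of the original posts: a small Python parser for the description fields of a 540 event like the one pasted above, reporting which account logged on and how. The sample string is constructed from the event on this page, and the function names `parse_event` and `summarize_logon` are hypothetical.

```python
# Logon type codes as recorded in Windows logon events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}

# Constructed sample: fields copied from the event 540 quoted on this page.
SAMPLE_540 = """\
Event ID: 540
Successful Network Logon:
User Name: MY-COMPUTER-NAME$
Domain: MYCOMPANY.COM
Logon ID: (0x0,0xA12E990)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Caller User Name: -
Source Network Address: 192.168.18.46
Source Port: 0
"""

def parse_event(text):
    """Split 'Key: value' lines into a dict; '-' and empty values become None."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            continue
        value = value.strip()
        fields[key.strip()] = None if value in ("", "-") else value
    return fields

def summarize_logon(fields):
    """Report who logged on and how, so the event can be matched to a caller."""
    name = fields.get("User Name") or ""
    domain = fields.get("Domain") or ""
    ltype = int(fields["Logon Type"])
    return {
        "account": domain + "\\" + name,
        "machine_account": name.endswith("$"),  # trailing $ marks a computer account
        "logon_type": LOGON_TYPES.get(ltype, "Unknown(%d)" % ltype),
        "package": fields.get("Authentication Package"),
        "source": fields.get("Source Network Address"),
    }

if __name__ == "__main__":
    print(summarize_logon(parse_event(SAMPLE_540)))
```

For the sample, the summary shows a computer account performing a type 3 (network) logon with Kerberos from 192.168.18.46.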