Re: Problem establishing SSL connection in code-behind
So, you are saying that the web server doing forms auth is not joined to a
domain that has a trust with the AD forest you want to authenticate against
and also has no LDAP network connectivity? In that case, you would need to
call something else remote that you CAN access that can perform the
authentication.

Doing the web request trick using IWA auth that you are trying to do isn't
necessarily a bad way to go for that. Just make sure the file you are
testing against has the ACL set to allow "authenticated users" read access
so that you don't get a 401 due to an authorization failure instead of an
authentication failure.

Regarding the programming language, that would not make a difference. There
must be something different in either the code you wrote or in the
parameters you were passing in. It does look like your code is now doing
Kerberos authentication to the remote web server though, so that DOES mean
you have remote network connectivity to a domain controller that can give
you a Kerberos ticket. That should mean that you can do Kerberos
authentication to the AD forest directly. As such, I'm not sure why the
admins are telling you that you don't have access to the AD. You have at
least Kerberos access. :)

It would still be useful to see the audit that was generated in the failing
case if you are interested in trying to get to the bottom of why it was not
working. However, I'll assume that since you have it working now you are
good to go.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
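One way to implement the IWA web-request check Joe describes, as an added example in C# (not code from the thread); the URL, domain and user names are assumptions:

```csharp
using System;
using System.Net;

// Added example, not code from this thread. Validates a user's credentials by
// requesting a resource on an IIS server that uses Integrated Windows
// Authentication. The resource's NTFS ACL must grant "Authenticated Users"
// read access; otherwise IIS answers 401 (401.3) for an ACL denial too, and the
// check cannot tell an authorization failure from an authentication failure.
public static class IwaCredentialCheck
{
    public enum Outcome { Authenticated, BadCredentials, NoVerdict }

    // url is assumed to be an https:// address of the protected test file.
    public static Outcome Validate(string url, string domain, string user, string password)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "HEAD";                 // only the status code matters
        request.PreAuthenticate = true;
        request.AllowAutoRedirect = false;       // a redirect is not an auth verdict
        request.Credentials = new NetworkCredential(user, password, domain);
        request.Timeout = 10000;

        try
        {
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                return response.StatusCode == HttpStatusCode.OK
                    ? Outcome.Authenticated
                    : Outcome.NoVerdict;
            }
        }
        catch (WebException ex)
        {
            HttpWebResponse failed = ex.Response as HttpWebResponse;
            if (failed == null)
                return Outcome.NoVerdict;        // DNS, TCP or TLS failure, not a credential result
            using (failed)
            {
                // 401 after the Negotiate exchange: the credentials were rejected
                // (given the ACL prerequisite above). Anything else is inconclusive.
                return failed.StatusCode == HttpStatusCode.Unauthorized
                    ? Outcome.BadCredentials
                    : Outcome.NoVerdict;
            }
        }
    }
}
```

Treat only Authenticated as a successful login; NoVerdict should fail closed and be logged without the password.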

Thanks. Yes, exactly, we do this only as a means of authentication.
I suggested accessing the AD directly to authenticate the users, but I
was told that we do not have direct access to the AD.

Pasted below is the 540 logon/logoff event log. Does this help? I
tried converting my C# code to VB code and it seems that it works
now. But I do not understand why the choice of a language matters in
this case. Is it possible that there are some differences between the
libraries (especially those which have to do with security development) of
C# and VB?

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 1/7/2008
Time: 7:17:44 PM
User: MYCOMPANY.COM\MY-COMPUTER-NAME$
Computer: MY-COMPUTER-NAME
Description:
Successful Network Logon:
User Name: MY-COMPUTER-NAME$
Domain: MYCOMPANY.COM
Logon ID: (0x0,0xA12E990)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {63ef2b34-31db-a736-de0e-3d6877344386}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.18.46
Source Port: 0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
