Re: Problem establishing SSL connection in code-behind



On Jan 8, 12:08 am, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
So, you are saying that the web server doing forms auth is not joined to a
domain that has a trust with the AD forest you want to authenticate against
and also has no LDAP network connectivity? In that case, you would need to
call something else remote that you CAN access that can perform the
authentication.

Doing the web request trick using IWA auth that you are trying to do isn't
necessarily a bad way to go for that. Just make sure the file you are
testing against has the ACL set to allow "authenticated users" read access
so that you don't get a 401 due to an authorization failure instead of an
authentication failure.

Regarding the programming language, that would not make a difference. There
must be something different in either the code you wrote or in the
parameters you were passing in. It does look like your code is now doing
Kerberos authentication to the remote web server though, so that DOES mean
you have remote network connectivity to a domain controller that can give
you a Kerberos ticket. That should mean that you can do Kerberos
authentication to the AD forest directly. As such, I'm not sure why the
admins are telling you that you don't have access to the AD. You have at
least Kerberos access. :)

It would still be useful to see the audit that was generated in the failing
case if you are interested in trying to get to the bottom of why it was not
working. However, I'll assume that since you have it working now you are
good to go.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

I am also interested in checking out if there is some significant
discrepancy between my VB and C# code. I will test it out today.

Also, sorry I did not make clear that the 540 log which you saw was
not from production. It is from a testing machine to whose AD we do
have access.

I haven't seen any failed logon from my web application in the event
viewer. It seems that even when I was getting the 401 error, the event
audit still says Success.
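
The credential check discussed in this thread, as an added example that is not part of the original posts: a C# helper that sends an IWA-authenticated request to a protected probe file and reports only an HTTP 401 as rejected credentials. The class and method names, the probe URL and the HTTPS-only rule are assumptions made for the illustration.

```csharp
using System;
using System.Net;

static class IwaCredentialCheck
{
    // Hypothetical helper: true when the remote server accepts the supplied
    // credentials through Integrated Windows Authentication (Negotiate).
    // The probe file's ACL must grant "Authenticated Users" read access;
    // otherwise a valid logon also comes back as 401 (authorization failure)
    // and cannot be told apart from a bad password.
    public static bool Validate(Uri probeUrl, string user, string password, string domain)
    {
        // Assumption: the probe is only ever reached over TLS.
        if (probeUrl.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Probe URL must use https", "probeUrl");

        // Bind the credential to this URL and to Negotiate only, so it is
        // never offered to another host or sent with Basic authentication.
        var cache = new CredentialCache();
        cache.Add(probeUrl, "Negotiate", new NetworkCredential(user, password, domain));

        var request = (HttpWebRequest)WebRequest.Create(probeUrl);
        request.Credentials = cache;
        request.AllowAutoRedirect = false; // do not follow a redirect to another host
        request.KeepAlive = false;         // no authenticated connection left open for reuse

        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            {
                return response.StatusCode == HttpStatusCode.OK;
            }
        }
        catch (WebException ex)
        {
            var response = ex.Response as HttpWebResponse;
            if (response != null && response.StatusCode == HttpStatusCode.Unauthorized)
                return false; // server rejected the logon (or the ACL denied it)

            // TLS, DNS, timeout and 5xx errors are infrastructure faults,
            // not a verdict on the credentials: let the caller see them.
            throw;
        }
    }
}
```

Letting non-401 failures propagate keeps an outage or certificate problem from being recorded as a failed logon for the user.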