Authenticate Against localhost and AD
From: Michał Januszczyk (MichaJanuszczyk_at_discussions.microsoft.com)
Date: 06/28/04
Date: Mon, 28 Jun 2004 04:30:02 -0700
Hello.
I've got the following problem:
There is a web application (ASP.NET), that needs to
authenticate users against local machine and Active Directory.
By default, the application works as ASPNET account (Win2000, XP).
When working on ASPNET account the application is able to do the following:
    string path = "WinNT://" + Environment.MachineName + ",computer";
    DirectoryEntry entry = new DirectoryEntry(path, username, pwd);
    try
    {
        // force authentication (reading a property triggers the bind)
        Object o = entry.NativeGuid;
        // authentication succeeded
    }
    catch (Exception)
    {
        // authentication failed
    }
When run as ASPNET account, the code is able to work correctly.
However, when run as SYSTEM account, an exception is thrown.
I need to switch to system account, because I also need to authenticate
users in Active Directory, and ASPNET this time cannot connect to AD,
whereas SYSTEM account can.
So, currently I can authenticate users either in local system (when run as
ASPNET) or in AD (when run as SYSTEM), but not concurrently (i.e.
I cannot do this without restarting the process).
                SYSTEM   ASPNET
LOCAL USERS       -        +
DOMAIN USERS      +        -
Questions:
1. Is there any way to grant local ASPNET account ability to connect to AD?
2. Is there any way to allow SYSTEM account to authenticate users against
local machine? (The inability seems ridiculous...)
(Note: I cannot temporarily use impersonation [SYSTEM is granted right to
impersonate someone else] to check credentials, since the application is
a multi-user system and the fraction of time the app would work as somebody
else (not system but e.g. John.Smith) would lead to errors. OK, I might
lock entire application functionality when somebody performs logon
but this would be hugely ineffective and would require to redesign
plenty of code. (The application is pretty complex))
Thanks for help
Michał