Re: Authenticate Against localhost and AD
From: Michał Januszczyk (MichaJanuszczyk_at_discussions.microsoft.com)
Date: 06/28/04
- In reply to: Joe Kaplan (MVP - ADSI): "Re: Authenticate Against localhost and AD"
Date: Mon, 28 Jun 2004 10:45:01 -0700
"Joe Kaplan (MVP - ADSI)" wrote:
> Just add the domain controller dns name to your LDAP path:
> LDAP://yourdc.domain.com/rootDSE (or whatever DN you wish to use)
>
> Also, you should ALWAYS specify AuthenticationTypes.Secure when specifying
> credentials to ensure that they are not sent in clear text on the network.
> Additionally, you may wish to add AuthenticationTypes.ServerBind if you
> specify a specific DC name as that will give you a small performance boost.
Thank you. I'll try to do it this way.
> Actually, you can use LogonUser here in the same way that you are
> authenticating to AD with a DirectoryEntry object. LogonUser will succeed
> if the user's credentials are accepted in a similar way to the
> DirectoryEntry bind. Whether or not you impersonate the returned token is
> up to you, but it can definitely be used as an authentication mechanism.
> I don't understand your comment about having the code running as a different
> user and having to use locking and such as you would be using LogonUser here
> as a replacement for the S.DS code. What is the difference in your mind?
OK, it was my mistake. Now I can see that LogonUser does not automatically impersonate the new user. It is up to the caller. However, had impersonation been automatically involved (and I was sure of that), the process would be given a new identity for some time (until reverting to the original identity) and the whole functionality would be working as another user (until reverting...). Until then I might allow the other code to work (no locking used) or not allow it (lock).
> Understand this part. I figured you were using forms authentication, but I
> thought I'd throw that out. I am often confused as to why people use Forms
> authentication and make their lives so much harder when regular IIS
> authentication might work fine. However, sometimes people have to use Forms
> auth. for whatever reason.
Thanks again
Michał
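
The bind described in the quoted advice above, written out as an added C# example (it is not code from either poster). `AdCredentialCheck` and `Validate` are hypothetical names, and the DC name passed in stands for the `yourdc.domain.com` placeholder in the quoted path.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class AdCredentialCheck   // hypothetical helper name
{
    // HRESULT_FROM_WIN32(ERROR_LOGON_FAILURE): unknown user name or bad password.
    const int LogonFailure = unchecked((int)0x8007052E);

    // dcDnsName: DNS name of a domain controller, e.g. "yourdc.domain.com".
    // Returns true if the DC accepts the credentials, false if it rejects them.
    public static bool Validate(string dcDnsName, string user, string password)
    {
        // Null credentials make ADSI bind with the caller's own security
        // context, so missing values are rejected before any bind is attempted.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            return false;

        string path = "LDAP://" + dcDnsName + "/rootDSE";
        AuthenticationTypes auth =
            AuthenticationTypes.Secure |      // negotiated auth, no clear-text password
            AuthenticationTypes.ServerBind;   // the path names a specific server

        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(path, user, password, auth))
            {
                // DirectoryEntry binds lazily; touching NativeObject forces it.
                object native = entry.NativeObject;
                return native != null;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == LogonFailure)
                return false;   // credentials were rejected
            throw;              // e.g. DC unreachable: not an authentication answer
        }
    }
}
```

Only the logon-failure HRESULT is treated as "rejected"; any other COM error is rethrown so that an unreachable DC is not mistaken for a bad password.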