Re: How to add a user to a group and programatically see that in i
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Feb 2008 18:44:53 -0600
Thanks for the clarification. It is always nice to get some insider info.
:)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Hi Joe,
You need the impersonation level token which only comes as a result of
S4U. Much care was taken to make sure that you couldn't start with S4U
and get to a context where you are running as that user without the
proper privileges :)
All of this was in place previously, believe it or not. If you muck
around deep enough in SSPI you'll see context requirements that tell
the server (or the LSA on the server to be more precise) that it
should generate an identity or impersonation level token as a result
of AuthN. For S4U we just switched between Id and Imp based on the
caller's privilege level since there is no "client".
Dave
.
- References:
- How to add a user to a group and programatically see that in its token
- From: Garfield Lewis
- Re: How to add a user to a group and programatically see that in its token
- From: Kellie Fitton
- Re: How to add a user to a group and programatically see that in its token
- From: Garfield Lewis
- Re: How to add a user to a group and programatically see that in its token
- From: Joe Kaplan
- Re: How to add a user to a group and programatically see that in its token
- From: Garfield Lewis
- Re: How to add a user to a group and programatically see that in i
- From: lelteto
- Re: How to add a user to a group and programatically see that in i
- From: Garfield Lewis
- Re: How to add a user to a group and programatically see that in i
- From: DaveMo
- Re: How to add a user to a group and programatically see that in i
- From: Joe Kaplan
- Re: How to add a user to a group and programatically see that in i
- From: DaveMo
- How to add a user to a group and programatically see that in its token
- Prev by Date: Re: How to add a user to a group and programatically see that in i
- Next by Date: IIS7 Complete Certificate Request Fails with Error: ASNI1 bad tag value met. 0X80009310b (ASN:267)
- Previous by thread: Re: How to add a user to a group and programatically see that in i
- Next by thread: Re: How to add a user to a group and programatically see that in i
- Index(es):
Relevant Pages
|
