Re: Accessing security information from an authentication provider



Ok, well I hope that helps. Maybe you guys can help each other now. :)

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ferrix" <ferrix@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5685019C-8B47-4530-9E51-488D586021F7@xxxxxxxxxxxxxxxx
That looks promising. My problem was that the "Security Functions" page
has
two sections for auth packages,
"Functions Implemented by Authentication Packages", which is what I was
looking at, and gives no hint how the AP might do these things, and
"Functions Implemented by SSP/APs " with its sub-section "The following
functions are available to SSP/APs."

My main ignorance was I didn't realize I had to build an "SSP/AP", just
thought an AP was it. But without the SSP, there's no way to get a handle
to
all those juicy SAM functions.

"Joe Kaplan" wrote:

I just took a quick look and it appears to me that you are supposed to do
something like a chain of OpenSamUser -> GetUserAuthData ->
ConvertAuthDataToToken. I could be wrong though as I haven't done this
myself. It just looked logical to me based on the API docs.

Do you have enough info on the user to call OpenSamUser?

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Chris Smith" <cdsmith@xxxxxxxxx> wrote in message
news:03b57c04$0$3203$c3e8da3@xxxxxxxxxxxxxxxxxxxx
No answer? Is it not possible to implement a new authentication
provider
without reimplementing the database that holds a user's groups,
privileges, etc.?

--
Chris Smith





.



Relevant Pages

  • Re: Integrated Windows Authentication Timeout?
    ... For the second search, if the user account has an SPN of HTTP/webserver, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication since ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to bypass Forms Authentication on selected pages programma
    ... authentication but before authorization) check the Url of the Request to see ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... You should then be able to see the SPNs that are on that account. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Network Users password expired
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)