I am starting to write an ASP.NET 2.0 web-based application. For
authorization we'd like to use the existing userids and passwords in our
Active Directory. We cannot use Windows integrated security because users
will be accessing our application from the intranet AND internet AND we
don't want people to be allowed into our application just because they are
logged into Windows. Even though we are using AD userid/password we still
want users to authenticate every. We also have a very large AD forest where
people depending on their area log into 1 of 20+ domains.
I've read the articles at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000026.asp
and
http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HowToUseFormsAuthWithADInMultipleDomains
No matter what I do right now I always get a message back saying that the
user cannot be authenticated.
Are there any other good reads on this, or has anybody done this before
using asp.net 2.0?
Thank you,
Patrick Allmond
Would you consider using Basic authentication with SSL? It does not require
any additional code and will force the users to be challenged to
authenticate.
If your site is going to be secure, you really need to use forms auth with
SSL anyway to prevent users' forms auth tokens from being stolen anyway.
That would be the easiest way by far to handle authentications in a complex
forest as Windows will sort out all that stuff for you.
Joe K.
Patrick Allmond - 31 Oct 2005 17:14 GMT
Thanks Joe (I think you have helped me before).
Does ASP.NET 2.0 have some built-in objects to manage what you are proposing?
P
Joe Kaplan (MVP - ADSI) - 31 Oct 2005 19:37 GMT
You just enable Basic auth in IIS, disable anonymous, enable SSL and enable
Windows auth in ASP.NET. From there, it just works.
Context.User will contain a WindowsPrincipal object that represents the
authenticated user. The IsInRole method will answer true/false based on the
user's group membership.
It actually works exactly the same as IWA from a programming perspective.
Joe K.
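The setup described in the last reply, as an added example that is not code from the thread: an ASP.NET 2.0 `IHttpModule` that refuses non-SSL requests (Basic auth sends the password only base64-encoded) and then authorizes through the `WindowsPrincipal` in `Context.User`. The class name `BasicOverSslGuard` and the group `EXAMPLEDOMAIN\AppUsers` are placeholders, and it assumes IIS has Basic auth enabled, anonymous access disabled and SSL configured, with `<authentication mode="Windows" />` in web.config.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Added example, not from the thread. Register the module under
// <system.web><httpModules> in web.config.
public class BasicOverSslGuard : IHttpModule
{
    // Placeholder group (assumption); replace with a real DOMAIN\Group.
    private const string RequiredGroup = @"EXAMPLEDOMAIN\AppUsers";

    public void Init(HttpApplication app)
    {
        app.AuthorizeRequest += new EventHandler(OnAuthorizeRequest);
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Basic auth credentials are base64-encoded, not encrypted:
        // reject anything that did not arrive over SSL.
        if (!ctx.Request.IsSecureConnection)
            throw new HttpException(403, "SSL is required.");

        // With Windows auth enabled in ASP.NET, the user authenticated by
        // IIS arrives as a WindowsPrincipal. If it is missing or anonymous,
        // the IIS settings have drifted (e.g. anonymous access re-enabled).
        WindowsPrincipal user = ctx.User as WindowsPrincipal;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new HttpException(401, "Authentication required.");

        // IsInRole answers true/false from the user's group membership.
        if (!user.IsInRole(RequiredGroup))
            throw new HttpException(403, "Access denied.");
    }

    public void Dispose() { }
}
```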