
DirectoryEntry and .NET Remoting

Hi

I have hosted my .NET remote application in IIS 5.0 and the remote client is an ASP.NET application running on a different
Win2K server. The .NET remoting application runs with the logged on user's credentials.

Requirement

From the .NET remoting application I would like to query the Active Directory located on the Domain Controller. Since the logged on user account does not have privileges to query the Active Directory, I would like to use a different domain user account to query the Active Directory.

Can I create a System.DirectoryServices.DirectoryEntry object by passing the <root path>, <username> and <password> to the class constructor and query the Active Directory? <user name> is an account different from the currently logged on user.

Any suggestions and pointers are welcome.

Regards
Magdelin
Nov 18 '05 #1
3 Replies


Hi Magdelin,

As for the Active Directory querying via the System.DirectoryServices namespace,
it seems that all of them only contain the interfaces for querying or
updating data in Active Directory but do not provide any means to specify
a security account, as far as I know. Regarding your situation, I think
you should still use the LogonUser API to manually impersonate the
.NET remoting app's current context's user as the high privileged account.
And don't forget to grant sufficient permission to the process account
in machine.config so as to call the impersonate API (just like in an ASP.NET
web application).

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
Nov 18 '05 #2

Hi Steven

Thanks a lot for your response. Since it has been impossible for me to convince my security group to grant me the SE_TCB_NAME privilege for impersonating with the LogonUser API, I have no choice but to skip impersonation while querying AD. And since the requirement for updating the Active Directory is also refused by the security group, I thought I will just use the DirectoryEntry constructor to pass the credentials of a domain account, explicitly created for querying AD.

I work in a highly secure network and I don't have an opportunity to test concepts on the production servers. I do not have a test environment set up yet. So, I would like to know if I can use the System.DirectoryServices.DirectoryEntry object to query the AD with a different domain account, other than the current logged on user credentials. I am trying to convince my security group that the user name and password of the new account will be encrypted with MS DPAPI and stored in the web.config of the .NET Remote application. If they are convinced, I can use the DirectoryEntry class to implement my requirement.

I really appreciate your help and timely response.

Regards
Magdelin

Nov 18 '05 #3
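
Added example, not part of the original thread: a C# sketch of the approach described in the post above, binding with the `DirectoryEntry(path, username, password, authenticationType)` constructor using a password stored as a DPAPI-protected value in configuration. It assumes .NET Framework 2.0 or later (for `ProtectedData` and `ConfigurationManager`); the class name and the three appSettings key names are hypothetical.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Security.Cryptography;
using System.Text;

public static class AdLookup
{
    // Escape a caller-supplied value for an LDAP search filter (RFC 4515).
    // The backslash is replaced first so later escapes are not double-encoded.
    static string EscapeFilter(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    // Hypothetical appSettings keys: AdRootPath, AdQueryUser, AdQueryPasswordProtected.
    // The last one holds Base64 of a blob produced by ProtectedData.Protect on this host.
    public static string FindDisplayName(string samAccountName)
    {
        var cfg = ConfigurationManager.AppSettings;
        byte[] blob = Convert.FromBase64String(cfg["AdQueryPasswordProtected"]);
        // LocalMachine scope: any process on this server can decrypt the blob, so
        // file ACLs on the config still matter. CurrentUser scope is tighter but
        // needs the process account's profile to be loaded.
        byte[] clear = ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine);
        try
        {
            // Explicit credentials: the bind runs as the query account, not as the
            // thread's identity, so no LogonUser impersonation is involved.
            using (var root = new DirectoryEntry(
                cfg["AdRootPath"], cfg["AdQueryUser"], Encoding.UTF8.GetString(clear),
                AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing))
            using (var searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                                  + EscapeFilter(samAccountName) + "))";
                searcher.PropertiesToLoad.Add("displayName");
                SearchResult hit = searcher.FindOne();   // null when nothing matches
                if (hit == null || !hit.Properties.Contains("displayName")) return null;
                return (string)hit.Properties["displayName"][0];
            }
        }
        finally
        {
            Array.Clear(clear, 0, clear.Length);   // wipe the byte array; the string copy remains until collected
        }
    }
}
```

The query account in this sketch needs only read access to the attributes being searched, which matches the read-only requirement stated in the post.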

Hi Magdelin,

Thanks for the follow-up, and it's my pleasure to assist you. Anyway, as for
such security issues, mostly a simple test will help more. Also, if you
still have any other questions next time, please always feel free to post
in the group.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #4
