Authenticate against several Active Directory Domains

Hi there.

I have the following environment:

Active Directory running on Windows 2000. There is a root domain called
ad.sys and within this root domain there are the following subdomains:

dom1.ad.sys
dom2.ad.sys
dom3.ad.sys

I need to restrict access to a certain part of an ASP.NET page to some
admin users and check their password against the Windows domain.

IIS Authentication doesn't seem to be an option; I can't seem to supply
several domains.

One possible way would probably be:
In the database, have a list of names which have access to the admin
part. When the login name matches one of that list, make a connection to
the domain and check the password. The connection could be LDAP.

Is this procedure valid? Any other ideas?

If this is a valid way, how do I connect to other domains, if the
web page runs in one or none of those domains? I tried

System.DirectoryServices.DirectoryEntry de = new DirectoryEntry(
    "ldap://servername/OU=Administrators,OU=Site,OU=Country,DC=dom1,DC=ad,DC=sys",
    "DOM1\\ldapuser", "Idontknow");

But when I try to access de.Children I get an error saying

System.Runtime.InteropServices.COMException occurred in
system.directoryservices.dll

Additional Information: Unknown error (0x80050000)

When I use an LDAP client on my workstation, which is in neither of these
domains, I can connect and get the data.

Does anyone know what's going on or how I should do this?

--
mfg
Marc Eggenberger
Nov 16 '05 #1
AD questions are best answered in the
microsoft.public.active.directory.interfaces newsgroup. I am sure the two
Joes will be able to give you a complete answer.
--
HTH

Ollie Riches
http://www.phoneanalyser.net

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a programmer
helping programmers.

Nov 16 '05 #2
Marc,

I'm not an expert on AD, but I think that the reason your call to get
the DirectoryEntry fails is because by default, the ASP.NET process runs
under the local user ASPNET, which doesn't have network permissions. You
can impersonate another user to run under for this operation. Check out the
documentation for the Impersonate method on the WindowsIdentity class to see
how to do this.

You can also impersonate a user for all the pages in a directory by
setting the <identity> tag in the web.config file for the directory, but
that would mean all pages run as that user, which might not be such a good
idea.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

Nov 16 '05 #3

If this works from a console program:
System.DirectoryServices.DirectoryEntry de = new DirectoryEntry(
    "ldap://servername/OU=Administrators,OU=Site,OU=Country,DC=dom1,DC=ad,DC=sys",
    "DOM1\\ldapuser", "Idontknow");


it should also work from asp.net, using the exact same bind string of
course.
Are you sure it fails when calling de.Children?

Willy.
Nov 16 '05 #4
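
The procedure described in the question (look the login up in an allow-list, then bind to that user's own domain with the supplied password), as an added example that is not code from any poster in this thread. The class and method names, the NetBIOS names DOM2 and DOM3, the allow-list collection and the assumption that the web server can resolve the domains' DNS names are all hypothetical; the ADSI provider prefix is case-sensitive and is written LDAP://.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example. AdminLogin, Domains and the allow-list are hypothetical names.
public static class AdminLogin
{
    // NetBIOS name -> DNS name of the three child domains named in the question.
    private static readonly Dictionary<string, string> Domains =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "DOM1", "dom1.ad.sys" },
            { "DOM2", "dom2.ad.sys" },
            { "DOM3", "dom3.ad.sys" }
        };

    // login is "DOMAIN\user". allowList stands in for the database table of
    // admin logins; build it with a case-insensitive comparer.
    public static bool Validate(string login, string password, ICollection<string> allowList)
    {
        // An empty password must never reach the directory bind.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            return false;

        string[] parts = login.Split('\\');
        string dnsDomain;
        if (parts.Length != 2 || !Domains.TryGetValue(parts[0], out dnsDomain))
            return false;               // malformed login or unknown domain
        if (!allowList.Contains(login))
            return false;               // not an admin: no directory traffic at all

        // Upper-case provider prefix; the DNS name lets the locator pick a DC.
        string path = "LDAP://" + dnsDomain;
        try
        {
            // Secure = negotiated Kerberos/NTLM bind, not a clear-text simple bind.
            using (DirectoryEntry entry = new DirectoryEntry(
                       path, login, password, AuthenticationTypes.Secure))
            {
                object bound = entry.NativeObject;   // forces the bind now
                return bound != null;
            }
        }
        catch (COMException)
        {
            return false;               // bad credentials or domain unreachable: deny
        }
    }
}
```

The method returns the same `false` for an unknown domain, a login outside the allow-list and a failed bind, so the caller cannot use it to tell which admin names exist.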
