ADSI

Discussion in 'ASP .Net Security' started by Chris, Nov 30, 2007.

  1. Chris

    Chris Guest

    Hi All,

    I have question about Active Directory. We have developed a site it has 75K
    users on SQL server 2005 associated with roles, now we are thinking to change
    it to Active directory is it good idea or bad idea? if it is good how to
    migrate it.

    Thanks in advance.

    Chris
    Chris, Nov 30, 2007
    #1
    1. Advertising

  2. Chris

    Joe Kaplan Guest

    You haven't given us enough information about what you are doing to provide
    you with a useful answer. In terms of size, 75K users is not really
    significant for AD from a size perspective. I wouldn't worry about that.

    Migration of users may be tricky, depending a great deal on how you have
    stored the users' passwords in SQL and whether your intent is for your users
    to have the same password they had before.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Chris" <> wrote in message
    news:...
    > Hi All,
    >
    > I have question about Active Directory. We have developed a site it has
    > 75K
    > users on SQL server 2005 associated with roles, now we are thinking to
    > change
    > it to Active directory is it good idea or bad idea? if it is good how to
    > migrate it.
    >
    > Thanks in advance.
    >
    > Chris
    Joe Kaplan, Nov 30, 2007
    #2
    1. Advertising

  3. Chris

    Chris Guest

    Joe ,

    Thanks for quick respone.

    We developed a site with public and privatre applications, for private
    applications user need to login those users paswwords we dont want to
    distrub, you are rite we want to use same passwords.

    Any kind of possible other solutions also welcome( there is no time
    constraint for development).

    Regards,
    Chris

    "Joe Kaplan" wrote:

    > You haven't given us enough information about what you are doing to provide
    > you with a useful answer. In terms of size, 75K users is not really
    > significant for AD from a size perspective. I wouldn't worry about that.
    >
    > Migration of users may be tricky, depending a great deal on how you have
    > stored the users' passwords in SQL and whether your intent is for your users
    > to have the same password they had before.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services Programming"
    > http://www.directoryprogramming.net
    > --
    > "Chris" <> wrote in message
    > news:...
    > > Hi All,
    > >
    > > I have question about Active Directory. We have developed a site it has
    > > 75K
    > > users on SQL server 2005 associated with roles, now we are thinking to
    > > change
    > > it to Active directory is it good idea or bad idea? if it is good how to
    > > migrate it.
    > >
    > > Thanks in advance.
    > >
    > > Chris

    >
    >
    >
    Chris, Nov 30, 2007
    #3
  4. Chris

    Joe Kaplan Guest

    Can you provide more details on how the passwords are stored in the SQL
    database? If they are in plaintext or encrypted in a reversible format,
    then you should be able to recover them and use them provision identities in
    AD or ADAM such that the users will have the same username and password they
    used in SQL.

    However, if they are in some sort of 1 way hash format, then it might be
    very difficult to recover the plain text. That would make provisioning in
    AD very difficult.

    Username format might be a bit of a problem as well, depending the formats
    you allow in SQL. You would want those to be compatible with AD. ADAM
    gives you a little more flexibility here.

    I definitely recommend that you try to use the SQL and AD membership
    providers for the integration with your web application. They provide a
    nice abstraction layer over the user store that makes it easier for your
    application to not have to care where the users are stored. If you aren't
    using the membership providers now, I recommend that as your first step.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Chris" <> wrote in message
    news:...
    > Joe ,
    >
    > Thanks for quick respone.
    >
    > We developed a site with public and privatre applications, for private
    > applications user need to login those users paswwords we dont want to
    > distrub, you are rite we want to use same passwords.
    >
    > Any kind of possible other solutions also welcome( there is no time
    > constraint for development).
    >
    > Regards,
    > Chris
    >
    > "Joe Kaplan" wrote:
    >
    >> You haven't given us enough information about what you are doing to
    >> provide
    >> you with a useful answer. In terms of size, 75K users is not really
    >> significant for AD from a size perspective. I wouldn't worry about that.
    >>
    >> Migration of users may be tricky, depending a great deal on how you have
    >> stored the users' passwords in SQL and whether your intent is for your
    >> users
    >> to have the same password they had before.
    >>
    >> Joe K.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> --
    >> "Chris" <> wrote in message
    >> news:...
    >> > Hi All,
    >> >
    >> > I have question about Active Directory. We have developed a site it has
    >> > 75K
    >> > users on SQL server 2005 associated with roles, now we are thinking to
    >> > change
    >> > it to Active directory is it good idea or bad idea? if it is good how
    >> > to
    >> > migrate it.
    >> >
    >> > Thanks in advance.
    >> >
    >> > Chris

    >>
    >>
    >>
    Joe Kaplan, Nov 30, 2007
    #4
  5. Chris

    Chris Guest

    We are using username as firtsname.lastname password as plaintext. could
    you please provide me more information on using the SQL and AD membership
    providers for the integration with web application, how to implement it.

    aslo we want to use this AD for MOSS 2007, my question is do I need to have
    exchanger server for this to implementation, we are using this for government
    site.


    Regards,
    Chris





    "Joe Kaplan" wrote:

    > Can you provide more details on how the passwords are stored in the SQL
    > database? If they are in plaintext or encrypted in a reversible format,
    > then you should be able to recover them and use them provision identities in
    > AD or ADAM such that the users will have the same username and password they
    > used in SQL.
    >
    > However, if they are in some sort of 1 way hash format, then it might be
    > very difficult to recover the plain text. That would make provisioning in
    > AD very difficult.
    >
    > Username format might be a bit of a problem as well, depending the formats
    > you allow in SQL. You would want those to be compatible with AD. ADAM
    > gives you a little more flexibility here.
    >
    > I definitely recommend that you try to use the SQL and AD membership
    > providers for the integration with your web application. They provide a
    > nice abstraction layer over the user store that makes it easier for your
    > application to not have to care where the users are stored. If you aren't
    > using the membership providers now, I recommend that as your first step.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services Programming"
    > http://www.directoryprogramming.net
    > --
    > "Chris" <> wrote in message
    > news:...
    > > Joe ,
    > >
    > > Thanks for quick respone.
    > >
    > > We developed a site with public and privatre applications, for private
    > > applications user need to login those users paswwords we dont want to
    > > distrub, you are rite we want to use same passwords.
    > >
    > > Any kind of possible other solutions also welcome( there is no time
    > > constraint for development).
    > >
    > > Regards,
    > > Chris
    > >
    > > "Joe Kaplan" wrote:
    > >
    > >> You haven't given us enough information about what you are doing to
    > >> provide
    > >> you with a useful answer. In terms of size, 75K users is not really
    > >> significant for AD from a size perspective. I wouldn't worry about that.
    > >>
    > >> Migration of users may be tricky, depending a great deal on how you have
    > >> stored the users' passwords in SQL and whether your intent is for your
    > >> users
    > >> to have the same password they had before.
    > >>
    > >> Joe K.
    > >>
    > >> --
    > >> Joe Kaplan-MS MVP Directory Services Programming
    > >> Co-author of "The .NET Developer's Guide to Directory Services
    > >> Programming"
    > >> http://www.directoryprogramming.net
    > >> --
    > >> "Chris" <> wrote in message
    > >> news:...
    > >> > Hi All,
    > >> >
    > >> > I have question about Active Directory. We have developed a site it has
    > >> > 75K
    > >> > users on SQL server 2005 associated with roles, now we are thinking to
    > >> > change
    > >> > it to Active directory is it good idea or bad idea? if it is good how
    > >> > to
    > >> > migrate it.
    > >> >
    > >> > Thanks in advance.
    > >> >
    > >> > Chris
    > >>
    > >>
    > >>

    >
    >
    >
    Chris, Nov 30, 2007
    #5
  6. Chris

    Joe Kaplan Guest

    I'd suggest reading the patterns and practices guidance documentation on
    using the ASP.NET membership provider framework. There is a ton written on
    this topic and you'll get better information by reading the existing
    documentation than by asking such a broad question on the newsgroups. The
    newsgroups are much better for asking specific technical questions. Google
    will find the P&P docs very easily for you.

    Since your passwords are stored in plain text, it should not be difficult to
    provision matching users in AD. You'll just need some sort of script to do
    it.

    You don't need Exchange unless you want to use Exchange to provision the AD
    users with mailboxes or use Exchange for some other email routing feature.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Chris" <> wrote in message
    news:...
    >
    > We are using username as firtsname.lastname password as plaintext. could
    > you please provide me more information on using the SQL and AD membership
    > providers for the integration with web application, how to implement it.
    >
    > aslo we want to use this AD for MOSS 2007, my question is do I need to
    > have
    > exchanger server for this to implementation, we are using this for
    > government
    > site.
    >
    >
    > Regards,
    > Chris
    >
    >
    >
    >
    >
    > "Joe Kaplan" wrote:
    >
    >> Can you provide more details on how the passwords are stored in the SQL
    >> database? If they are in plaintext or encrypted in a reversible format,
    >> then you should be able to recover them and use them provision identities
    >> in
    >> AD or ADAM such that the users will have the same username and password
    >> they
    >> used in SQL.
    >>
    >> However, if they are in some sort of 1 way hash format, then it might be
    >> very difficult to recover the plain text. That would make provisioning
    >> in
    >> AD very difficult.
    >>
    >> Username format might be a bit of a problem as well, depending the
    >> formats
    >> you allow in SQL. You would want those to be compatible with AD. ADAM
    >> gives you a little more flexibility here.
    >>
    >> I definitely recommend that you try to use the SQL and AD membership
    >> providers for the integration with your web application. They provide a
    >> nice abstraction layer over the user store that makes it easier for your
    >> application to not have to care where the users are stored. If you
    >> aren't
    >> using the membership providers now, I recommend that as your first step.
    >>
    >> Joe K.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> --
    >> "Chris" <> wrote in message
    >> news:...
    >> > Joe ,
    >> >
    >> > Thanks for quick respone.
    >> >
    >> > We developed a site with public and privatre applications, for private
    >> > applications user need to login those users paswwords we dont want to
    >> > distrub, you are rite we want to use same passwords.
    >> >
    >> > Any kind of possible other solutions also welcome( there is no time
    >> > constraint for development).
    >> >
    >> > Regards,
    >> > Chris
    >> >
    >> > "Joe Kaplan" wrote:
    >> >
    >> >> You haven't given us enough information about what you are doing to
    >> >> provide
    >> >> you with a useful answer. In terms of size, 75K users is not really
    >> >> significant for AD from a size perspective. I wouldn't worry about
    >> >> that.
    >> >>
    >> >> Migration of users may be tricky, depending a great deal on how you
    >> >> have
    >> >> stored the users' passwords in SQL and whether your intent is for your
    >> >> users
    >> >> to have the same password they had before.
    >> >>
    >> >> Joe K.
    >> >>
    >> >> --
    >> >> Joe Kaplan-MS MVP Directory Services Programming
    >> >> Co-author of "The .NET Developer's Guide to Directory Services
    >> >> Programming"
    >> >> http://www.directoryprogramming.net
    >> >> --
    >> >> "Chris" <> wrote in message
    >> >> news:...
    >> >> > Hi All,
    >> >> >
    >> >> > I have question about Active Directory. We have developed a site it
    >> >> > has
    >> >> > 75K
    >> >> > users on SQL server 2005 associated with roles, now we are thinking
    >> >> > to
    >> >> > change
    >> >> > it to Active directory is it good idea or bad idea? if it is good
    >> >> > how
    >> >> > to
    >> >> > migrate it.
    >> >> >
    >> >> > Thanks in advance.
    >> >> >
    >> >> > Chris
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
    Joe Kaplan, Nov 30, 2007
    #6
  7. On Nov 30, 5:08 pm, Chris <> wrote:
    > We are using username as firtsname.lastname password as plaintext. could
    > you please provide me more information on using the SQL and AD membership
    > providers for the integration with web application, how to implement it.
    >
    > aslo we want to use this AD for MOSS 2007, my question is do I need to have
    > exchanger server for this to implementation, we are using this for government
    > site.
    >
    > Regards,
    > Chris
    >
    >
    >
    > "Joe Kaplan" wrote:
    > > Can you provide more details on how the passwords are stored in the SQL
    > > database? If they are in plaintext or encrypted in a reversible format,
    > > then you should be able to recover them and use them provision identities in
    > > AD or ADAM such that the users will have the same username and password they
    > > used in SQL.

    >
    > > However, if they are in some sort of 1 way hash format, then it might be
    > > very difficult to recover the plain text. That would make provisioning in
    > > AD very difficult.

    >
    > > Username format might be a bit of a problem as well, depending the formats
    > > you allow in SQL. You would want those to be compatible with AD. ADAM
    > > gives you a little more flexibility here.

    >
    > > I definitely recommend that you try to use the SQL and AD membership
    > > providers for the integration with your web application. They provide a
    > > nice abstraction layer over the user store that makes it easier for your
    > > application to not have to care where the users are stored. If you aren't
    > > using the membership providers now, I recommend that as your first step.

    >
    > > Joe K.

    >
    > > --
    > > Joe Kaplan-MS MVP Directory Services Programming
    > > Co-author of "The .NET Developer's Guide to Directory Services Programming"
    > >http://www.directoryprogramming.net
    > > --
    > > "Chris" <> wrote in message
    > >news:...
    > > > Joe ,

    >
    > > > Thanks for quick respone.

    >
    > > > We developed a site with public and privatre applications, for private
    > > > applications user need to login those users paswwords we dont want to
    > > > distrub, you are rite we want to use same passwords.

    >
    > > > Any kind of possible other solutions also welcome( there is no time
    > > > constraint for development).

    >
    > > > Regards,
    > > > Chris

    >
    > > > "Joe Kaplan" wrote:

    >
    > > >> You haven't given us enough information about what you are doing to
    > > >> provide
    > > >> you with a useful answer. In terms of size, 75K users is not really
    > > >> significant for AD from a size perspective. I wouldn't worry about that.

    >
    > > >> Migration of users may be tricky, depending a great deal on how you have
    > > >> stored the users' passwords in SQL and whether your intent is for your
    > > >> users
    > > >> to have the same password they had before.

    >
    > > >> Joe K.

    >
    > > >> --
    > > >> Joe Kaplan-MS MVP Directory Services Programming
    > > >> Co-author of "The .NET Developer's Guide to Directory Services
    > > >> Programming"
    > > >>http://www.directoryprogramming.net
    > > >> --
    > > >> "Chris" <> wrote in message
    > > >>news:...
    > > >> > Hi All,

    >
    > > >> > I have question about Active Directory. We have developed a site it has
    > > >> > 75K
    > > >> > users on SQL server 2005 associated with roles, now we are thinking to
    > > >> > change
    > > >> > it to Active directory is it good idea or bad idea? if it is good how
    > > >> > to
    > > >> > migrate it.

    >
    > > >> > Thanks in advance.

    >
    > > >> > Chris- Hide quoted text -

    >
    > - Show quoted text -


    Chris, from what was written above I see no clear case to migrate to
    AD.

    If you need it for integration with MOSS only, then I'm not sure if AD
    will be the best way in that case. SharePoint imports users from AD to
    the own SQL database, and it means AD will be as an intermediate-level
    "database" there. Moreover, SharePoint can obtain users connecting
    with AspNetSqlMembershipProvider to either the local or remote
    instance of SQL Server.
    Alexey Smirnov, Dec 5, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Justin Rich

    ADSI - Syntax for msExchTurfListNames

    Justin Rich, Jun 26, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    957
    Justin Rich
    Jun 26, 2003
  2. khaja shaik

    ADSI/LDAP Query

    khaja shaik, Jul 21, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    610
    khaja shaik
    Jul 21, 2003
  3. Roy Osherove

    Access Denied for WMI/ADSI over ASP.Net

    Roy Osherove, Sep 9, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    7,118
    s.becker
    Sep 14, 2003
  4. venkat

    Retrieve logon user name from ADSI

    venkat, Nov 6, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    457
    venkat
    Nov 6, 2003
  5. shiv

    ADSI - User A/c Info Question

    shiv, Nov 14, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    342
    Natty Gur
    Nov 16, 2003
Loading...

Share This Page