ASP security

Discussion in 'ASP .Net Security' started by Reza, May 25, 2005.

  1. Reza

    Reza Guest

    Hi

    I have two domains A and B. I logon to a computer which is in domain A as a
    user in domain B. When I connect to a web application in domain A it does not
    know my identity. If I logon to the same computer as a user in its native
    domain (domain A) everything is ok. Does somebody know in detail why this
    happens?

    Thanks.
    Reza.
     
    Reza, May 25, 2005
    #1
    1. Advertising

  2. Reza,
    So let me see if I understand you correctly:
    1. You have two domains (A & B). Are they NT Domains or 2K
    2. You must have a trust between these domains because a user from
    domain b can login to a computer from domain A.
    3. When you, as a User in A, hit the web application, from a computer
    in A, all works ok
    4. When you, as a User in B, hit the web application, from a computer
    in A, you get the NT Login box? Is that what you mean by "It doesnt know my
    identity".

    I would say this can be caused by a few things. The first think I would
    look at is the rights of the files/virtual directory to make sure that users
    from Domain B have rights to view them. I'm assuming this is an intranet
    application that uses NTLM Auth? Which flavor of IIS are you using?

    Hope I can help,

    --
    Duane Laflotte
    MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I

    http://www.criticalsites.com/dlaflotte


    "Reza" <> wrote in message
    news:...
    > Hi
    >
    > I have two domains A and B. I logon to a computer which is in domain A as

    a
    > user in domain B. When I connect to a web application in domain A it does

    not
    > know my identity. If I logon to the same computer as a user in its native
    > domain (domain A) everything is ok. Does somebody know in detail why this
    > happens?
    >
    > Thanks.
    > Reza.
     
    Duane Laflotte, May 25, 2005
    #2
    1. Advertising

  3. Reza

    Reza Guest

    Hello

    First of all thank you very much Duane for your reply. I am going to fully
    explain my network here. I have two domains, domain A and B. They are in two
    different forests. There is an outgoing trust from A to B so A trusts B and
    can authenticate it's users but not vice versa. All domains are in win2003
    functional level. Clients are WinXP. My IIS is in a computer in A , in domain
    controller of A I have AzMan. My web application passes credentials of the
    connected user to AzMan to check his acceess. Now we have 2 different
    conditions:

    1. If a user in A logs on to a computer in A his credentials will be passed
    from IIS to azman and is authenticated successfully. Note that I ALWAYS get
    user name password pop up window from IE. It does not matter I enter a user
    from A or B to this window. As long as I have logged on to the computer with
    a user from the same domain as computer is in, everything is fine.

    2. If a user in A logs on to a computer in B or a user in B logs on to a
    computer in A when the pop up window of IE appears regardless of whether you
    enter user from A or B it will raise an error.
    I hope I have clarified it fully.

    Thanks.
    Reza.




    "Duane Laflotte" wrote:

    > Reza,
    > So let me see if I understand you correctly:
    > 1. You have two domains (A & B). Are they NT Domains or 2K
    > 2. You must have a trust between these domains because a user from
    > domain b can login to a computer from domain A.
    > 3. When you, as a User in A, hit the web application, from a computer
    > in A, all works ok
    > 4. When you, as a User in B, hit the web application, from a computer
    > in A, you get the NT Login box? Is that what you mean by "It doesnt know my
    > identity".
    >
    > I would say this can be caused by a few things. The first think I would
    > look at is the rights of the files/virtual directory to make sure that users
    > from Domain B have rights to view them. I'm assuming this is an intranet
    > application that uses NTLM Auth? Which flavor of IIS are you using?
    >
    > Hope I can help,
    >
    > --
    > Duane Laflotte
    > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
    >
    > http://www.criticalsites.com/dlaflotte
    >
    >
    > "Reza" <> wrote in message
    > news:...
    > > Hi
    > >
    > > I have two domains A and B. I logon to a computer which is in domain A as

    > a
    > > user in domain B. When I connect to a web application in domain A it does

    > not
    > > know my identity. If I logon to the same computer as a user in its native
    > > domain (domain A) everything is ok. Does somebody know in detail why this
    > > happens?
    > >
    > > Thanks.
    > > Reza.

    >
    >
    >
     
    Reza, May 25, 2005
    #3
  4. Reza

    Ken Schaefer Guest

    Just with scenario 2 below. How can a user in A log onto a computer in B
    when the appropriate trust has not been configured? DomainB does not trust
    DomainA (you say you have a one-way forest trust in the reverse direction
    only), so DomainB would not accept the credentials of a user from DomainA

    Now, you say "an error is raised" - what is the error?

    Cheers
    Ken

    --
    Blog: www.adopenstatic.com/cs/blogs/ken/
    Web: www.adopenstatic.com


    "Reza" <> wrote in message
    news:...
    : Hello
    :
    : First of all thank you very much Duane for your reply. I am going to fully
    : explain my network here. I have two domains, domain A and B. They are in
    two
    : different forests. There is an outgoing trust from A to B so A trusts B
    and
    : can authenticate it's users but not vice versa. All domains are in win2003
    : functional level. Clients are WinXP. My IIS is in a computer in A , in
    domain
    : controller of A I have AzMan. My web application passes credentials of the
    : connected user to AzMan to check his acceess. Now we have 2 different
    : conditions:
    :
    : 1. If a user in A logs on to a computer in A his credentials will be
    passed
    : from IIS to azman and is authenticated successfully. Note that I ALWAYS
    get
    : user name password pop up window from IE. It does not matter I enter a
    user
    : from A or B to this window. As long as I have logged on to the computer
    with
    : a user from the same domain as computer is in, everything is fine.
    :
    : 2. If a user in A logs on to a computer in B or a user in B logs on to a
    : computer in A when the pop up window of IE appears regardless of whether
    you
    : enter user from A or B it will raise an error.
    : I hope I have clarified it fully.
    :
    : Thanks.
    : Reza.
    :
    :
    :
    :
    : "Duane Laflotte" wrote:
    :
    : > Reza,
    : > So let me see if I understand you correctly:
    : > 1. You have two domains (A & B). Are they NT Domains or 2K
    : > 2. You must have a trust between these domains because a user from
    : > domain b can login to a computer from domain A.
    : > 3. When you, as a User in A, hit the web application, from a
    computer
    : > in A, all works ok
    : > 4. When you, as a User in B, hit the web application, from a
    computer
    : > in A, you get the NT Login box? Is that what you mean by "It doesnt
    know my
    : > identity".
    : >
    : > I would say this can be caused by a few things. The first think I would
    : > look at is the rights of the files/virtual directory to make sure that
    users
    : > from Domain B have rights to view them. I'm assuming this is an
    intranet
    : > application that uses NTLM Auth? Which flavor of IIS are you using?
    : >
    : > Hope I can help,
    : >
    : > --
    : > Duane Laflotte
    : > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
    : >
    : > http://www.criticalsites.com/dlaflotte
    : >
    : >
    : > "Reza" <> wrote in message
    : > news:...
    : > > Hi
    : > >
    : > > I have two domains A and B. I logon to a computer which is in domain
    A as
    : > a
    : > > user in domain B. When I connect to a web application in domain A it
    does
    : > not
    : > > know my identity. If I logon to the same computer as a user in its
    native
    : > > domain (domain A) everything is ok. Does somebody know in detail why
    this
    : > > happens?
    : > >
    : > > Thanks.
    : > > Reza.
    : >
    : >
    : >
     
    Ken Schaefer, May 27, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    357
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,422
    Roedy Green
    Jan 28, 2006
  3. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    155
    Dinis Cruz
    Oct 11, 2003
  4. Michael Randrup
    Replies:
    3
    Views:
    308
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Replies:
    1
    Views:
    324
    Dominick Baier
    May 7, 2007
Loading...

Share This Page