DirectoryEntry and .NET Remoting

Guest

Hi

I have hosted my .NET remote application in IIS 5.0 and the remote client is an ASP.NET application running on a different Win2K server. The .NET remoting application runs with the logged on user's credentials.

Requirement

From the .NET remoting application I would like to query the Active Directory located on the Domain Controller. Since the logged on user account does not have privileges to query the Active Directory, I would like to use a different domain user account to query the Active Directory.

Can I create a System.DirectoryServices.DirectoryEntry object by passing the <root path>, <username> and <password> to the class constructor and query the Active Directory? <user name> is an account different from the currently logged on user.

Any suggestions and pointers are welcome.

Regards
Magdelin
 
Steven Cheng[MSFT]

Hi Magdelin,

As for Active Directory querying via the System.DirectoryServices namespace,
it seems that all of them only contain the interfaces for querying or
updating data in Active Directory but do not provide any means to specify
a security account as far as I know. Regarding your situation, I think
you still should use the LogonUser API to manually impersonate the
.NET remoting app's current context's user as the high privileged account.
And don't forget to grant sufficient permission to the process account
in machine.config so as to call the impersonate API (just like in an ASP.NET
web application).

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 
Guest

Hi Steven,

Thanks a lot for your response. Since it has been impossible for me to convince my security group to grant me the SE_TCB_NAME privilege for impersonating with the LogonUser API, I have no choice but to skip impersonation while querying AD. And since the requirement for updating the Active Directory is also refused by the security group, I thought I will just use the DirectoryEntry constructor to pass the credentials of a domain account, explicitly created for querying AD.

I work in a highly secure network and I don't have an opportunity to test concepts on the production servers. I do not have a test environment set up yet. So, I would like to know if I can use the System.DirectoryServices.DirectoryEntry object to query the AD with a different domain account, other than the current logged on user credentials. I am trying to convince my security group that the user name and password of the new account will be encrypted with MS DPAPI and stored in the web.config of the .NET Remote application. If they are convinced I can use the DirectoryEntry class to implement my requirement.

I really appreciate your help and timely response.

Regards
Magdelin

----- Steven Cheng[MSFT] wrote: -----

Hi Magdelin,

As for Active Directory querying via the System.DirectoryServices namespace,
it seems that all of them only contain the interfaces for querying or
updating data in Active Directory but do not provide any means to specify
a security account as far as I know. Regarding your situation, I think
you still should use the LogonUser API to manually impersonate the
.NET remoting app's current context's user as the high privileged account.
And don't forget to grant sufficient permission to the process account
in machine.config so as to call the impersonate API (just like in an ASP.NET
web application).

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
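
Added example, not part of the original thread and not code from either poster: a sketch of the approach described in the post above, using the `DirectoryEntry(path, username, password, authenticationType)` constructor overload with a dedicated read-only account whose password is stored as a DPAPI-protected, Base64-encoded blob in configuration. The appSettings keys, the LDAP path, the `AdLookup` class and its methods are hypothetical, and `ProtectedData` assumes .NET Framework 2.0 or later.

```csharp
// Added example. Hypothetical names: appSettings keys "AdQueryUser" and
// "AdQueryPasswordProtected", the LDAP path, and the AdLookup class itself.
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Security.Cryptography;
using System.Text;

public static class AdLookup
{
    // Escape RFC 4515 special characters so caller input cannot alter the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    public static string FindMail(string samAccountName)
    {
        string user = ConfigurationManager.AppSettings["AdQueryUser"];
        byte[] blob = Convert.FromBase64String(ConfigurationManager.AppSettings["AdQueryPasswordProtected"]);
        // Machine scope: the IIS worker account may have no loaded user profile.
        byte[] clear = ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine);
        try
        {
            // Secure|Sealing|Signing negotiates Kerberos/NTLM and protects the session;
            // the bind uses the supplied account, not the calling thread's identity.
            var auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing;
            using (var root = new DirectoryEntry("LDAP://DC=example,DC=com", user, Encoding.UTF8.GetString(clear), auth))
            using (var searcher = new DirectorySearcher(root,
                "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))",
                new[] { "mail" }))
            {
                SearchResult hit = searcher.FindOne();
                return hit != null && hit.Properties["mail"].Count > 0 ? (string)hit.Properties["mail"][0] : null;
            }
        }
        finally { Array.Clear(clear, 0, clear.Length); }
    }
}
```

A machine-scope DPAPI blob can be unprotected by any account on that server, so the configuration file still needs a restrictive ACL, and the query account should hold read-only rights in the directory.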
 
Steven Cheng[MSFT]

Hi Magdelin,

Thanks for the follow-up and it's my pleasure to assist you. Anyway, as for
such security issues, mostly a simple test will help more. Also, if you
still have any other questions next time, please always feel free to post
in the group.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 