Help with A.D. and ASP.Net

Discussion in 'ASP .Net Security' started by Reas, Aug 23, 2004.

  1. Reas

    Reas Guest

    Hi, I'm trying to validate the user credentials against an Active Directory,
    I've seen some demos around but in the enviroment I'm going to be working on,
    most users have restrictions that prohibit them to logon to certain
    machines/servers, so, my question is, should I have to do something special
    to validate the credentials when the user has these restrictions?

    Once I tried to execute LogonUser API on the server, but it always returned
    false even if the credentials were right because that user didn't have the
    permission to log on to the server, so, In ADSI there would be such problems?
    as this executes on the server.

    Thanks in advance.
    --
    Reas
     
    Reas, Aug 23, 2004
    #1
    1. Advertising

  2. It is really better from a security standpoint to use LogonUser (or just use
    built-in Windows security in IIS) to do your authentiation. Is it possible
    that you could convince the admins to let normal users logon locally? They
    don't need interactive logon rights (they can have logon batch for
    example).

    Joe K.

    "Reas" <> wrote in message
    news:...
    > Hi, I'm trying to validate the user credentials against an Active

    Directory,
    > I've seen some demos around but in the enviroment I'm going to be working

    on,
    > most users have restrictions that prohibit them to logon to certain
    > machines/servers, so, my question is, should I have to do something

    special
    > to validate the credentials when the user has these restrictions?
    >
    > Once I tried to execute LogonUser API on the server, but it always

    returned
    > false even if the credentials were right because that user didn't have the
    > permission to log on to the server, so, In ADSI there would be such

    problems?
    > as this executes on the server.
    >
    > Thanks in advance.
    > --
    > Reas
     
    Joe Kaplan \(MVP - ADSI\), Aug 23, 2004
    #2
    1. Advertising

  3. Reas

    Dan Amiga Guest

    A. You can use LDAP or ADSI ( Make sure the ASPNET user or your dedicated
    IIS process user has permissions to query the AD ).

    B. I think S4U kerberos can help you a-lot. try looking for it at
    http://msdn.microsoft.com/msdnmag

    let me know...

    Dan Amiga

    Ness Technologies
    ..NET Consultant
    Israel


    ----- Original Message -----
    From: "Reas" <>
    Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    Sent: Monday, August 23, 2004 3:59 AM
    Subject: Help with A.D. and ASP.Net


    > Hi, I'm trying to validate the user credentials against an Active

    Directory,
    > I've seen some demos around but in the enviroment I'm going to be working

    on,
    > most users have restrictions that prohibit them to logon to certain
    > machines/servers, so, my question is, should I have to do something

    special
    > to validate the credentials when the user has these restrictions?
    >
    > Once I tried to execute LogonUser API on the server, but it always

    returned
    > false even if the credentials were right because that user didn't have the
    > permission to log on to the server, so, In ADSI there would be such

    problems?
    > as this executes on the server.
    >
    > Thanks in advance.
    > --
    > Reas
     
    Dan Amiga, Aug 25, 2004
    #3
  4. In the local security policy, you would add whatever groups or users you
    need to "Log on as a batch job" as opposed to log on as a service or log on
    locally.

    Joe K.

    "Reas" <> wrote in message
    news:D...
    > Joe,
    > How do I go about creating a logon batch?
    >
    >
    > Regards,
    > Reas
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    > > It is really better from a security standpoint to use LogonUser (or just

    use
    > > built-in Windows security in IIS) to do your authentiation. Is it

    possible
    > > that you could convince the admins to let normal users logon locally?

    They
    > > don't need interactive logon rights (they can have logon batch for
    > > example).
    > >
    > > Joe K.
    > >
    > > "Reas" <> wrote in message
    > > news:...
    > > > Hi, I'm trying to validate the user credentials against an Active

    > > Directory,
    > > > I've seen some demos around but in the enviroment I'm going to be

    working
    > > on,
    > > > most users have restrictions that prohibit them to logon to certain
    > > > machines/servers, so, my question is, should I have to do something

    > > special
    > > > to validate the credentials when the user has these restrictions?
    > > >
    > > > Once I tried to execute LogonUser API on the server, but it always

    > > returned
    > > > false even if the credentials were right because that user didn't have

    the
    > > > permission to log on to the server, so, In ADSI there would be such

    > > problems?
    > > > as this executes on the server.
    > > >
    > > > Thanks in advance.
    > > > --
    > > > Reas

    > >
    > >
    > >
     
    Joe Kaplan \(MVP - ADSI\), Aug 30, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben
    Replies:
    3
    Views:
    1,228
  2. Bonggoy Cruz
    Replies:
    7
    Views:
    4,047
    =?Utf-8?B?RHVzdGluIHZhbiBkZSBTYW5kZSBbTUNBRF0=?=
    Apr 14, 2006
  3. Ken
    Replies:
    2
    Views:
    349
  4. Martin Erskine

    Help! - ASP.NET cannot 'Temporary ASP NET Files'

    Martin Erskine, Sep 17, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    165
    Martin Erskine
    Sep 17, 2003
  5. Amelyan
    Replies:
    2
    Views:
    206
    Amelyan
    Apr 25, 2005
Loading...

Share This Page