IIS Authentication type for various areas

Discussion in 'ASP General' started by Anthony, Aug 22, 2004.

  1. Anthony

    Anthony Guest

    What is the best IIS auth type for my webpage? I need the following running
    on Windows 2000 / IIS 5 with an 2003 AD Domain.

    I need .Asps that will do the following administration tasks :

    Access to the LDAP Directory from an .ASP (To query the ServerVariable /
    Logon_User) and get their group memberships for access..
    Access to other servers file shares (Directly from ASP) (For logon script
    reporting on the \netlogon share for example)
    An ASP that must be able to reset users Domain passwords (Used only by the
    helpdesk with limited other access)

    If I choose Anonymous (With the IUSR_MACHINE Account) I can't get the
    LOGON_USER Variable... Nor can I query the LDAP Directory.

    If I choose Anonymous (Using a restricted Domain User ID) I still can't get
    the Logon_User Variable...but I can query LDAP

    If I choose Windows Auth : I can't pass credentials to the DC for LDAP
    queries.. (See my post on 8/17 subject :Double Hop Issue?) problem with
    Kerberos through VPN etc...

    If I choose Basic Auth users need to logon each time ...

    Should I try to learn about session cookies and use that to store
    credentials?

    I am so stuck here.. what's best practice? I know I can run a few pages
    (I.E. the password Reset Page) as a Domain Admin account (Under anonymous
    access)...

    but still am stuck as to how to pass the userId's all around the webpage to
    check for 'access' to other sections..

    How do people do this?
    Thank you in advance...

    I have all of the .asps writtin already and have access to a sql database if
    needed.. just need some general good advise on this..
    Anthony, Aug 22, 2004
    #1
    1. Advertising

  2. Anthony

    Ken Schaefer Guest

    At some point in time the users are going to have to logon. If you want to
    use Windows authentication, you will need to use Kerberos + Delegation if
    you want their credentials to flow through to remote servers.

    Otherwise, you can create a HTML form and have the users logon that way. Run
    the webpage as "anonymous", but using an appropriately privileged domain
    account that can connect to AD and verify the username/password submitted.

    Cheers
    Ken


    "Anthony" <> wrote in message
    news:OrgfUi%...
    > What is the best IIS auth type for my webpage? I need the following
    > running
    > on Windows 2000 / IIS 5 with an 2003 AD Domain.
    >
    > I need .Asps that will do the following administration tasks :
    >
    > Access to the LDAP Directory from an .ASP (To query the ServerVariable /
    > Logon_User) and get their group memberships for access..
    > Access to other servers file shares (Directly from ASP) (For logon script
    > reporting on the \netlogon share for example)
    > An ASP that must be able to reset users Domain passwords (Used only by the
    > helpdesk with limited other access)
    >
    > If I choose Anonymous (With the IUSR_MACHINE Account) I can't get the
    > LOGON_USER Variable... Nor can I query the LDAP Directory.
    >
    > If I choose Anonymous (Using a restricted Domain User ID) I still can't
    > get
    > the Logon_User Variable...but I can query LDAP
    >
    > If I choose Windows Auth : I can't pass credentials to the DC for LDAP
    > queries.. (See my post on 8/17 subject :Double Hop Issue?) problem with
    > Kerberos through VPN etc...
    >
    > If I choose Basic Auth users need to logon each time ...
    >
    > Should I try to learn about session cookies and use that to store
    > credentials?
    >
    > I am so stuck here.. what's best practice? I know I can run a few pages
    > (I.E. the password Reset Page) as a Domain Admin account (Under anonymous
    > access)...
    >
    > but still am stuck as to how to pass the userId's all around the webpage
    > to
    > check for 'access' to other sections..
    >
    > How do people do this?
    > Thank you in advance...
    >
    > I have all of the .asps writtin already and have access to a sql database
    > if
    > needed.. just need some general good advise on this..
    >
    >
    Ken Schaefer, Aug 23, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. pcouas
    Replies:
    2
    Views:
    1,181
    pcouas
    Jan 3, 2007
  2. sizeof(type) in various systems

    , Jun 24, 2004, in forum: C Programming
    Replies:
    5
    Views:
    385
    Dan Pop
    Jun 24, 2004
  3. QQ

    Functions that accept various type?

    QQ, Dec 11, 2004, in forum: C Programming
    Replies:
    8
    Views:
    344
    Old Wolf
    Dec 14, 2004
  4. Vikas Jain

    ASP.Net authentication for various OS

    Vikas Jain, Sep 26, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    103
    Fredrik Normén NSQUARED
    Sep 27, 2003
  5. Michael Brandt Lassen

    Forms authentication to secure various static content?

    Michael Brandt Lassen, Nov 24, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    256
    Michael Brandt Lassen
    Nov 24, 2005
Loading...

Share This Page