Urgent: Connecting to active directory using cached credentials

[Chris L]

Hello,

I'm hoping to find out if it is possible to connect
within an ASP.NET application to Active Directory with
the credentials of the person who accessed the ASP.NET
application via IIS, using windows integrated
authentication.

I've tried using ADO, ADSI, and Directory Services, but I
have yet to find a way to connect to active directory
with the security token created by IIS, when the user
accesses the ASP.NET application with windows integrated
authentication.

Being able to do this is a pretty urgent problem, so any
help anyone could provide would be extremely appreciated.

Thank you!
-Chris

 

[Guest]

I'm hoping to find out if it is possible to connect

within an ASP.NET application to Active Directory with
the credentials of the person who accessed the ASP.NET
application via IIS, using windows integrated
authentication.

I've tried using ADO, ADSI, and Directory Services, but I
have yet to find a way to connect to active directory
with the security token created by IIS, when the user
accesses the ASP.NET application with windows integrated
authentication.

Being able to do this is a pretty urgent problem, so any
help anyone could provide would be extremely appreciated.

I also posted this question to general.adsi.

-Chris

 

[Patrick.O.Ige]

Are u interested in Forms or wINDOWS aUTHENTICATION?'

 

[Scott Allen]

Hi Chris:

The problem you are probably facing is the one hop limit of NTLM
authentication. The user's credentials make one hop from the browser
to the web server, and the web server can use those credentials
impersonate the user on the web server. However, the server cannot use
those credentials to make a second hop to the AD controller.

One way around this is to move up one step from impersonation to
delegation.

See:
How To Configure an ASP.NET Application for a Delegation Scenario.
http://support.microsoft.com/default.aspx?scid=kb;en-us;810572

HTH