Using Active Directory

Discussion in 'ASP .Net Security' started by scsharma, Sep 19, 2005.

  1. scsharma

    scsharma Guest

    Hi,
    I am new to the Active Directory world, but based on what I know I am trying
    to achieve the following:
    1. Look for users/groups on a Windows 2000 machine which is not a PDC (primary
    domain controller). I created a DirectoryEntry object as follows:
    DirectoryEntry group = new DirectoryEntry("LDAP://CN=guests,DC=XXX.XXX.XX.X");
    where "X" is the actual IP address of the machine.

    I ran into issues where I got an exception saying "A referral was returned
    from the server" when the following line was executed:
    object members = group.Invoke("Members",null);
    I am not sure if I can query the PDC to look for users/groups on some other
    machine running in the same domain. Can someone verify if that's possible? If
    yes, then can you please direct me?

    2. I am trying to create a user interface which will allow the user to create a
    subdirectory on a machine running Windows 2000. Please note that my
    application would be running on Windows XP. Using my UI, the user will specify
    the IP address of the Windows 2000 machine on which the subfolder will finally
    be created, and users from that machine would be given permission on those
    folders.
    Is the above requirement possible using C# in .NET?
    --
    Thanks
    SCS
     
    scsharma, Sep 19, 2005
    #1
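
Added example, not part of the original post: local groups on a Windows machine that is not a domain controller are kept in that machine's own account database rather than in Active Directory, so this sketch binds to them with the ADSI WinNT provider instead of an LDAP distinguished name. The machine name FILESRV01 and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;   // reference System.DirectoryServices.dll

static class LocalGroupReader
{
    static readonly char[] PathSyntax = { '/', '\\', ',' };

    // Builds an ADSI WinNT path such as WinNT://FILESRV01/Guests,group.
    // Characters that carry meaning in the path are rejected, not escaped.
    public static string BuildLocalGroupPath(string machine, string groupName)
    {
        foreach (string part in new string[] { machine, groupName })
            if (string.IsNullOrEmpty(part) || part.IndexOfAny(PathSyntax) >= 0)
                throw new ArgumentException("Empty value or path syntax in input.");
        return "WinNT://" + machine + "/" + groupName + ",group";
    }

    // Returns "Class: Name" for each member of a local group on the machine.
    // The bind uses the caller's security context (see the reply's first point).
    public static List<string> GetMembers(string machine, string groupName)
    {
        List<string> names = new List<string>();
        using (DirectoryEntry group = new DirectoryEntry(BuildLocalGroupPath(machine, groupName)))
        {
            // Members returns an ADSI collection that .NET can enumerate.
            IEnumerable members = (IEnumerable)group.Invoke("Members", null);
            foreach (object member in members)
            {
                using (DirectoryEntry entry = new DirectoryEntry(member))
                {
                    names.Add(entry.SchemaClassName + ": " + entry.Name);
                }
            }
        }
        return names;
    }

    static void Main()
    {
        // FILESRV01 is a constructed machine name.
        foreach (string name in GetMembers("FILESRV01", "Guests"))
            Console.WriteLine(name);
    }
}
```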

  2. Hi Sharmasu,

    Welcome to the ASPNET newsgroup.
    Regarding the two questions you mentioned, here are some of my
    suggestions:
    1. For AD queries, there may generally be some security-related issues
    when performing an AD query in an ASP.NET application, since the security
    context in ASP.NET is different from desktop apps like WinForms or console.
    So I think we can first try testing the same code in a WinForms or console
    app with a proper logon user to see whether the same problem occurs. If the
    same problem remains, that means this is an AD-specific problem, and I'd
    recommend you try posting in the public.ADSI or public.ADSI.general newsgroup.

    2. Do you mean you'd like to allow your ASP.NET application to create a new
    directory on a remote machine? If so, I'm afraid this is not quite a good
    idea, since we need to consider many security things in such a scenario.
    First, to manipulate a directory on a remote machine, we'll need to expose the
    remote directory (at least the topmost-level directory) through a UNC share
    or a WebDAV share. Then we can access or modify that directory from the
    ASP.NET application on a separate machine. Also, we need to grant
    ASP.NET's process identity sufficient permissions on the remote
    machine (for that remote shared folder).

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)





     
    Steven Cheng[MSFT], Sep 20, 2005
    #2
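
The share-based approach from the reply above, as an added example that is not part of the original thread: the host the user picks is resolved through an allowlist of UNC share roots instead of being pasted into a path, the folder name is limited to a single path segment, and the new folder receives an explicit access rule. The share \\FILESRV01\Projects, the account EXAMPLE\alice and all class and method names are constructed for illustration; the code targets the .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SharedFolderProvisioner
{
    // Constructed allowlist: host label offered in the UI -> UNC share root.
    static readonly Dictionary<string, string> ShareRoots = CreateRoots();

    static Dictionary<string, string> CreateRoots()
    {
        Dictionary<string, string> roots =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        roots.Add("FILESRV01", @"\\FILESRV01\Projects");
        return roots;
    }

    // Maps user input to a path directly under an approved share, or throws.
    public static string ResolveTarget(string host, string folderName)
    {
        string root;
        if (host == null || !ShareRoots.TryGetValue(host, out root))
            throw new ArgumentException("Host is not an approved share.", "host");
        // One path segment only: no separators, drive colons, "." or "..".
        if (string.IsNullOrEmpty(folderName)
            || folderName.Trim() != folderName
            || folderName.EndsWith(".", StringComparison.Ordinal)
            || folderName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Invalid folder name.", "folderName");
        return Path.Combine(root, folderName);
    }

    // Runs as the process identity, which needs rights on the share and folder.
    // The account name must resolve to a SID from the machine running this code.
    public static void CreateFolderFor(string host, string folderName, string account)
    {
        DirectoryInfo dir = Directory.CreateDirectory(ResolveTarget(host, folderName));
        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(new NTAccount(account),
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        dir.SetAccessControl(acl);
    }

    static void Main() { CreateFolderFor("FILESRV01", "reports", @"EXAMPLE\alice"); }
}
```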
