Help with A.D. and ASP.Net

[Reas]

Hi, I'm trying to validate the user credentials against an Active Directory,
I've seen some demos around but in the enviroment I'm going to be working on,
most users have restrictions that prohibit them to logon to certain
machines/servers, so, my question is, should I have to do something special
to validate the credentials when the user has these restrictions?

Once I tried to execute LogonUser API on the server, but it always returned
false even if the credentials were right because that user didn't have the
permission to log on to the server, so, In ADSI there would be such problems?
as this executes on the server.

Thanks in advance.

 

[Joe Kaplan \(MVP - ADSI\)]

It is really better from a security standpoint to use LogonUser (or just use
built-in Windows security in IIS) to do your authentiation. Is it possible
that you could convince the admins to let normal users logon locally? They
don't need interactive logon rights (they can have logon batch for
example).

Joe K.

 

[Dan Amiga]

A. You can use LDAP or ADSI ( Make sure the ASPNET user or your dedicated
IIS process user has permissions to query the AD ).

B. I think S4U kerberos can help you a-lot. try looking for it at
http://msdn.microsoft.com/msdnmag

let me know...

Dan Amiga
(e-mail address removed)
Ness Technologies
..NET Consultant
Israel


----- Original Message -----
From: "Reas" <[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Sent: Monday, August 23, 2004 3:59 AM
Subject: Help with A.D. and ASP.Net

 

[Joe Kaplan \(MVP - ADSI\)]

In the local security policy, you would add whatever groups or users you
need to "Log on as a batch job" as opposed to log on as a service or log on
locally.

Joe K.