IIS Authentication type for various areas

A

Anthony

What is the best IIS auth type for my webpage? I need the following running
on Windows 2000 / IIS 5 with an 2003 AD Domain.

I need .Asps that will do the following administration tasks :

Access to the LDAP Directory from an .ASP (To query the ServerVariable /
Logon_User) and get their group memberships for access..
Access to other servers file shares (Directly from ASP) (For logon script
reporting on the \netlogon share for example)
An ASP that must be able to reset users Domain passwords (Used only by the
helpdesk with limited other access)

If I choose Anonymous (With the IUSR_MACHINE Account) I can't get the
LOGON_USER Variable... Nor can I query the LDAP Directory.

If I choose Anonymous (Using a restricted Domain User ID) I still can't get
the Logon_User Variable...but I can query LDAP

If I choose Windows Auth : I can't pass credentials to the DC for LDAP
queries.. (See my post on 8/17 subject :Double Hop Issue?) problem with
Kerberos through VPN etc...

If I choose Basic Auth users need to logon each time ...

Should I try to learn about session cookies and use that to store
credentials?

I am so stuck here.. what's best practice? I know I can run a few pages
(I.E. the password Reset Page) as a Domain Admin account (Under anonymous
access)...

but still am stuck as to how to pass the userId's all around the webpage to
check for 'access' to other sections..

How do people do this?
Thank you in advance...

I have all of the .asps writtin already and have access to a sql database if
needed.. just need some general good advise on this..
 
K

Ken Schaefer

At some point in time the users are going to have to logon. If you want to
use Windows authentication, you will need to use Kerberos + Delegation if
you want their credentials to flow through to remote servers.

Otherwise, you can create a HTML form and have the users logon that way. Run
the webpage as "anonymous", but using an appropriately privileged domain
account that can connect to AD and verify the username/password submitted.

Cheers
Ken
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top