The first option that comes to mind is using Enterprise Services (ie, COM+)
for the authentication and setting the user of the application to a
priveleged acount that can run the user check). The web app is then divorced
from the authentication process, allowing it more authority to do the check.
Giving the web app more priveges (not easy) is not a good option, however.
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
[quoted text, click to view] "Fredrik Elestedt" wrote:
> Hi,
>
> I've been trying to use FormsAuthentication agains windows users and
> groups - not Active Directory.
> I couldn't find any articles on this directly, not to say that there aren't
> any out there, if you know of one - please let me know.
> Anyways - the problem I'm having is that only Administrators can logon,
> probably since they're the only ones allowed to open users and groups (even
> their own user account).
> The code I've used is as follows:
>
> private SortedList ListMembersInGroup() {
> string dirPath = ConfigurationSettings.AppSettings["ADGroupRoot"];
> SortedList userList = new SortedList();
> using (DirectoryEntry _groupEntry = new DirectoryEntry(dirPath, {working
> user}, {working pass})) {
> IADsGroup gr = _groupEntry.NativeObject as IADsGroup;
> IADsMembers MembersCollection = gr.Members();
> MembersCollection.Filter = new object[] {"user"};
> foreach (IADsUser member in MembersCollection) {
> DirectoryEntry _user = new DirectoryEntry(member.ADsPath, {working user},
> {working pass});
> userList.Add(_user.Name, _user.Properties);
> }
> }
> return userList;
> }
>
> public bool IsAuthenticated(string username, string pwd) {
> string pathAndUserName = ConfigurationSettings.AppSettings["ADUserRoot"]
> .Replace("%USERNAME%", username);
> using (DirectoryEntry entry = new DirectoryEntry(pathAndUserName, username,
> pwd)) {
> try {
> // Here I get an Unknown exception when the user is not an
> administrator...
> Object obj = entry.NativeObject;
> } catch { return false; }
> if (!entry.Path.Equals(pathAndUserName))
> return false;
> }
> return this.ListMembersInGroup().ContainsKey(username);
> }
>
> Where
> ConfigurationSettings.AppSettings["ADGroupRoot"]="WinNT://ELESTEDT/server/{group}"
> ConfigurationSettings.AppSettings["ADUserRoot"]="WinNT://ELESTEDT/server/%USERNAME%"
> {working user} is a Administrator account,
> {working pass} is the password to the Administrator account,
> {group} is the group users have to be in to be allowed to logon.
>
> Any help is appriciated...
>
>
Hi,
I've been trying to use FormsAuthentication agains windows users and
groups - not Active Directory.
I couldn't find any articles on this directly, not to say that there aren't
any out there, if you know of one - please let me know.
Anyways - the problem I'm having is that only Administrators can logon,
probably since they're the only ones allowed to open users and groups (even
their own user account).
The code I've used is as follows:
private SortedList ListMembersInGroup() {
string dirPath = ConfigurationSettings.AppSettings["ADGroupRoot"];
SortedList userList = new SortedList();
using (DirectoryEntry _groupEntry = new DirectoryEntry(dirPath, {working
user}, {working pass})) {
IADsGroup gr = _groupEntry.NativeObject as IADsGroup;
IADsMembers MembersCollection = gr.Members();
MembersCollection.Filter = new object[] {"user"};
foreach (IADsUser member in MembersCollection) {
DirectoryEntry _user = new DirectoryEntry(member.ADsPath, {working user},
{working pass});
userList.Add(_user.Name, _user.Properties);
}
}
return userList;
}
public bool IsAuthenticated(string username, string pwd) {
string pathAndUserName = ConfigurationSettings.AppSettings["ADUserRoot"]
.Replace("%USERNAME%", username);
using (DirectoryEntry entry = new DirectoryEntry(pathAndUserName, username,
pwd)) {
try {
// Here I get an Unknown exception when the user is not an
administrator...
Object obj = entry.NativeObject;
} catch { return false; }
if (!entry.Path.Equals(pathAndUserName))
return false;
}
return this.ListMembersInGroup().ContainsKey(username);
}
Where
ConfigurationSettings.AppSettings["ADGroupRoot"]="WinNT://ELESTEDT/server/{group}"
ConfigurationSettings.AppSettings["ADUserRoot"]="WinNT://ELESTEDT/server/%USERNAME%"
{working user} is a Administrator account,
{working pass} is the password to the Administrator account,
{group} is the group users have to be in to be allowed to logon.
Any help is appriciated...
Well then,
I can see only one way out - SQL auth.
Thanks anyway.
// Fredrik
[quoted text, click to view] "Cowboy (Gregory A. Beamer) - MVP" <NoSpamMgbworld@comcast.netNoSpamM> wrote
in message news:515E403A-60CE-457B-A122-35AD7AE5C39A@microsoft.com...
> The first option that comes to mind is using Enterprise Services (ie,
> COM+)
> for the authentication and setting the user of the application to a
> priveleged acount that can run the user check). The web app is then
> divorced
> from the authentication process, allowing it more authority to do the
> check.
> Giving the web app more priveges (not easy) is not a good option, however.
> ---
>
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
> "Fredrik Elestedt" wrote:
>
>> Hi,
>>
>> I've been trying to use FormsAuthentication agains windows users and
>> groups - not Active Directory.
>> I couldn't find any articles on this directly, not to say that there
>> aren't
>> any out there, if you know of one - please let me know.
>> Anyways - the problem I'm having is that only Administrators can logon,
>> probably since they're the only ones allowed to open users and groups
>> (even
>> their own user account).
>> The code I've used is as follows:
>>
>> private SortedList ListMembersInGroup() {
>> string dirPath = ConfigurationSettings.AppSettings["ADGroupRoot"];
>> SortedList userList = new SortedList();
>> using (DirectoryEntry _groupEntry = new DirectoryEntry(dirPath, {working
>> user}, {working pass})) {
>> IADsGroup gr = _groupEntry.NativeObject as IADsGroup;
>> IADsMembers MembersCollection = gr.Members();
>> MembersCollection.Filter = new object[] {"user"};
>> foreach (IADsUser member in MembersCollection) {
>> DirectoryEntry _user = new DirectoryEntry(member.ADsPath, {working
>> user},
>> {working pass});
>> userList.Add(_user.Name, _user.Properties);
>> }
>> }
>> return userList;
>> }
>>
>> public bool IsAuthenticated(string username, string pwd) {
>> string pathAndUserName = ConfigurationSettings.AppSettings["ADUserRoot"]
>> .Replace("%USERNAME%", username);
>> using (DirectoryEntry entry = new DirectoryEntry(pathAndUserName,
>> username,
>> pwd)) {
>> try {
>> // Here I get an Unknown exception when the user is not an
>> administrator...
>> Object obj = entry.NativeObject;
>> } catch { return false; }
>> if (!entry.Path.Equals(pathAndUserName))
>> return false;
>> }
>> return this.ListMembersInGroup().ContainsKey(username);
>> }
>>
>> Where
>> ConfigurationSettings.AppSettings["ADGroupRoot"]="WinNT://ELESTEDT/server/{group}"
>> ConfigurationSettings.AppSettings["ADUserRoot"]="WinNT://ELESTEDT/server/%USERNAME%"
>> {working user} is a Administrator account,
>> {working pass} is the password to the Administrator account,
>> {group} is the group users have to be in to be allowed to logon.
>>
>> Any help is appriciated...
>>
>>
>>
