Last post Nov 28, 2007 02:37 AM by johram
Nov 26, 2007 09:00 AM|kilik
I'm trying to add a feature to a web page that will allow a user to search AD for a domain account. I'd like to do this as securely as possible. The best I can come up with is to create an "application account" in AD. I can then control that account and ensure that it only has access to what it's supposed to.
Does anyone know of a better approach?
Nov 28, 2007 02:37 AM|johram
Basically you have two options - either create an application account with restricted permissions, or you could use integrated security which would require the user on the other end to actually be a member of the domain. It is theoretically possible to access the "application account" solution with anonymous access, although it depends on how you set it up. Or you could do a mix of the two, i.e. require integrated authentication but perform the search with an application user. Also you can specify parameters to your DirectoryEntry that tell the system to use a secure connection etc.
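An added example, not part of the original posts: one way to run the search under an application account with a secured bind, as the reply above describes. The LDAP path and credentials are placeholders supplied by the caller, and the filter escaping, prefix match and result limit are assumptions about what the page should allow.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class AccountLookup
{
    // Escape user input per RFC 4515 so it cannot change the structure of the LDAP filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // ldapPath, appUser and appPassword are placeholders; load them from protected configuration.
    public static List<string> FindAccounts(string ldapPath, string appUser, string appPassword, string term)
    {
        var names = new List<string>();
        // Secure = Kerberos/NTLM bind; Signing + Sealing = integrity and encryption on the wire.
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        using (var root = new DirectoryEntry(ldapPath, appUser, appPassword, auth))
        using (var searcher = new DirectorySearcher(root))
        {
            // Prefix match on the account name; the user's text is escaped before it enters the filter.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(term) + "*))";
            searcher.PropertiesToLoad.Add("sAMAccountName"); // return only what the page displays
            searcher.SizeLimit = 25;                          // cap the number of results per request
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                    if (r.Properties["sAMAccountName"].Count > 0)
                        names.Add((string)r.Properties["sAMAccountName"][0]);
            }
        }
        return names;
    }
}
```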