Last post Sep 05, 2008 01:19 PM by deblendewim
Feb 14, 2008 11:48 AM|Rockets|LINK
I am working on a project and I am trying to seek a professional opinion. If I have 2 authenticated values, username and password, in LDAP authentication, can I retrieve these values and check them with the values that are stored in Active Directory to authenticate
How would this be possible without actually knowing the 2 values that are authenticated?
Feb 15, 2008 08:00 AM|deblendewim|LINK
I'm not quite following what you want to achieve!
But here goes:
So you have an AD-server in your domain. Is it gonna be an intranet application? You have 2 users in your AD. These users will be allowed to access the application, right? And all the other users in AD have no access.
Also .... Do these users have to log on explicitly to the web-application? I mean, do they have to enter their credentials again?
Ok what do you need to do (summarized):
A bit more in detail:
First of all: Try and make a new website. From here you can test the LDAP authentication. Afterwards you can implement it into your existing app.
Ok so what do you need to do:
Create a new website
Create it directly on your local webserver
In IIS, enable Windows Integrated Security
In IIS, disable Anonymous Access (UNcheck the checkbox)
You already have your default page, leave that as it is.
Make a new page and call it login.aspx
Put a Login control on the login page
Now you need to add a few things to your web.config.
I will give you my code examples so you probably need to modify it a little bit.
<!-- goes inside <connectionStrings> -->
<add name="ADConnectionString" connectionString="LDAP://BE.MYDOMAIN.AD/DC=BE,DC=MYDOMAIN,DC=AD"/>
<!-- goes inside <system.web><authentication mode="Forms"> -->
<forms name="login" loginUrl="~/login.aspx" defaultUrl="~/default.aspx" />
<!-- goes inside <system.web><membership><providers> -->
<add name="MyADMembershipProvider" attributeMapUsername="sAMAccountName"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="ADConnectionString" enableSearchMethods="true" connectionUsername="MYDOMAIN\UserName" connectionPassword="UserNamePassw"/>
Ok I work with forms authentication in the website because I want my users to login through a login page.
A bit more info about the membership section in the web.config:
I use a connectionUsername and connectionPassword attribute in the membership-tag.
I only need to use these when I work on my local webserver. When I deploy my website to a production WebServer, I don't need a connectionUsername or connectionPassword. This is because they (=the ProductionWebServer and the LdapServer) trust each other, I guess
(but our hardware people know more about that)
When all this is set up, you can test your configuration.
Do this by clicking the "ASP.NET Configuration"-button. You can find that button in your Solution Explorer (on top / button with world and hammer).
Then go to the security tab
You should see something like: Existing Users: XXX
XXX should be the number of users your LDAP-query returned.
When all of the above works out well, you should be able to test-run your application!
Ok so what do you need to do:
You should do a few things differently from the above instructions:
My quote above came from this link:
There are some useful link-throughs so you should check it out!
Please let me know if you have remarks/questions.
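The three fragments from the post above placed in their web.config sections, as an added example that is not part of the original post. It assumes System.Web 2.0.0.0, an HTTPS site and a process identity that is allowed to query the directory, and it shows the posted clear-text connectionPassword beside a variant that stores no credentials.

```xml
<?xml version="1.0"?>
<!-- Added example, not the poster's file. Assumed here: System.Web 2.0.0.0,
     an HTTPS site, and an app pool identity that is allowed to query AD. -->
<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP://BE.MYDOMAIN.AD/DC=BE,DC=MYDOMAIN,DC=AD" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL: the ticket cookie is only ever sent over HTTPS -->
      <forms name="login" loginUrl="~/login.aspx" defaultUrl="~/default.aspx"
             requireSSL="true" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous: every page except login.aspx needs a ticket -->
      <deny users="?" />
    </authorization>
    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <!-- Weak (as posted): a domain account's password sits in clear text
             in a file that developers and backups can read:
             connectionUsername="MYDOMAIN\UserName"
             connectionPassword="UserNamePassw" -->
        <!-- Hardened: no stored credentials, so the provider binds as the
             application's process identity; connectionProtection="Secure"
             makes it fail rather than talk to AD over an unprotected link -->
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Where stored credentials cannot be avoided, the section can be encrypted in place with `aspnet_regiis -pe "system.web/membership" -app "/YourApp"`, where `/YourApp` is a placeholder for the application's virtual path.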
Feb 15, 2008 09:07 AM|Rockets|LINK
Thank you for replying first of all.
The system is on a domain which is intranet. I wish there were only 2 users; probably in the region of 20,000. At present the application asks the users to log in again when the user clicks the network file link.
The user is asked to log in to the domain first and foremost, which is authenticated in iChain to LDAP authentication, which checks eDirectory for the user's username and password and lets them into the domain first. Then when the user wants to view network files by clicking the network file link, which are in Active Directory, it asks the user to log in again. There is HTTP Commander software, which is coded in ASP.Net/VB, which is checking AD for the user's files, but it asks the user to log in again by popping up a login screen. But now HTTP Commander must communicate with iChain Novell to grab the username and password which is first entered and check them against AD when the network file link is clicked, to allow the user's correct home drive to be displayed. Instead of having 2 logins I am required to have 1 and grab the username and password first entered with HTTP Commander and check with AD, to keep the user logged in to the system when they click the network file link.
I hope this is a little clearer.
How can I do this, if it is actually possible? As I have Novell eDirectory and iChain, which authenticates to LDAP, and HTTP Commander, which only communicates with Microsoft Active Directory at present.
Is it possible to grab the username and password, which is going to be different for every user (20,000), in ASP.Net/VB with HTTP Commander and check in AD and show the correct user's home drive?
Any questions, please do ask, as this is my first project and some experienced people are saying it is not possible unless I know what the actual values (username and password) are, which are authenticated to LDAP one-way encryption.
Thank You Beforehand
Sep 05, 2008 08:01 AM|swalkingshaw|LINK
Did you ever get a solution to this issue? I'm running an ASP.NET app I want to proxy using iChain. I've set up the accelerator, and after I have authenticated through the iChain form I receive a second dialog box from the webserver asking for credentials. Sounds like a similar issue to yours.
Any pointers would be much appreciated
Sep 05, 2008 01:19 PM|deblendewim|LINK
Maybe the following link is helpful:
I think it's Rockets :)
Hopefully there's something useful in the replies on that thread!