Last post Mar 01, 2010 04:39 PM by randyklein
Mar 01, 2010 04:39 PM|randyklein|LINK
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different
user. I setup a web form to accept a username and password. My question is this, I need a [U]secure[/U] way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions,
but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution
to query AD with the credentials?