Velocity Reviews


scsharma 09-19-2005 08:59 PM

Using Active Directory
 
Hi,
I am new to the Active Directory world, but based on what I know I am trying to
achieve the following:
1. Look for user/groups on a Windows 2000 machine which is not a PDC (primary
domain controller). I created a DirectoryEntry object as follows:
DirectoryEntry group = new DirectoryEntry("LDAP://CN=guests,DC=XXX.XXX.XX.X");
where "X" is the actual IP address of the machine.

I ran into issues where I got an exception saying "A referral was returned
from the server" when the following line was executed:
object members = group.Invoke("Members",null);
I am not sure if I can query the PDC to look for users/groups on some other
machine running in the same domain. Can someone verify if that's possible? If
yes, then can you please direct me?

2. I am trying to create a user interface which will allow a user to create a
subdirectory on a machine running Windows 2000. Please note that my
application would be running on Windows XP. Using my UI, the user will specify
the IP address of the Windows 2000 machine on which the subfolder will finally be
created, and users from that machine would be given permission on those folders.
Is the above requirement possible using C# in .NET?
--
Thanks
SCS

Steven Cheng[MSFT] 09-20-2005 07:36 AM

RE: Using Active Directory
 
Hi Sharmasu,

Welcome to the ASPNET newsgroup.
Regarding the two questions you mentioned, here are some of my
suggestions:
1. For an AD query, generally there may occur some security-related issues
when performing the AD query in an ASP.NET application, since the security context
in ASP.NET is different from desktop apps like winform or console. So I
think we can first try testing the same code in a winform or console app with
a proper logon user to see whether the same problem occurs. If the same
problem remains, that means this is an AD-specific problem, and I'd recommend you
try posting in the public.ADSI or public.ADSI.general newsgroup.

2. Do you mean you'd like to allow your ASP.NET application to create a new
directory on a remote machine? If so, I'm afraid this is not quite a good
idea, since we need to consider many security things in such a scenario.
First, to manipulate a directory on a remote machine, we'll need to expose the
remote directory (at least the topmost-level directory) through a UNC share
or WebDAV share. Then we can access or modify that directory from the
ASP.NET application on a separate machine. Also, we need to grant the
ASP.NET process identity sufficient permissions on the remote
machine (for that remote shared folder).

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

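Added example, not part of the original thread: a console test of the kind suggested in point 1, which prints the identity it runs under and separates a permissions failure from a path failure such as the referral error. It assumes an ADSI path carries the server in its host part (`LDAP://server/DN`) and that local groups on a non-DC machine are read through the `WinNT://` provider; the class name, helper names and command-line arguments are hypothetical.

```csharp
using System;
using System.Collections;
using System.DirectoryServices;          // reference System.DirectoryServices.dll
using System.Runtime.InteropServices;
using System.Security.Principal;

static class GroupMemberCheck
{
    const int DsReferral = unchecked((int)0x8007202B);  // ERROR_DS_REFERRAL

    // Domain group: the server is the host part of the path, and the base DN
    // is read from that server's rootDSE instead of being typed by hand.
    static string DomainGroupPath(string server, string relativeDn)
    {
        using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://" + server + "/RootDSE"))
            return "LDAP://" + server + "/" + relativeDn + ","
                 + (string)rootDse.Properties["defaultNamingContext"].Value;
    }

    // Local group on a machine that is not a domain controller: it lives in
    // that machine's SAM, which ADSI reaches through the WinNT provider.
    static string LocalGroupPath(string machine, string groupName)
    { return "WinNT://" + machine + "/" + groupName + ",group"; }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: <host> <local|domain>"); return 2; }
        Console.WriteLine("Process identity: " + WindowsIdentity.GetCurrent().Name);
        try
        {
            string path = args[1] == "domain"
                ? DomainGroupPath(args[0], "CN=Guests,CN=Builtin")
                : LocalGroupPath(args[0], "Guests");
            using (DirectoryEntry group = new DirectoryEntry(path))
                foreach (object m in (IEnumerable)group.Invoke("Members"))
                    using (DirectoryEntry member = new DirectoryEntry(m))
                        Console.WriteLine(path + " -> " + member.Path);
            return 0;
        }
        catch (UnauthorizedAccessException ex)   // this identity lacks rights
        { Console.Error.WriteLine("Security context problem: " + ex.Message); }
        catch (COMException ex)                  // a referral points at the path
        {
            Console.Error.WriteLine((ex.ErrorCode == DsReferral ? "Path problem" : "ADSI error")
                + " 0x" + ex.ErrorCode.ToString("X8") + ": " + ex.Message);
        }
        return 1;
    }
}
```

Running it once from a console under a domain logon and once under the ASP.NET worker identity shows whether the failure follows the account or the path.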

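Added example, not part of the original thread: one way to do what point 2 describes, creating a subfolder under a single exposed UNC share and granting one account limited rights on it. It assumes .NET 2.0 or later (`System.Security.AccessControl`); the class name, share path, folder name and account are constructed placeholders.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SharedFolderProvisioner
{
    // shareRoot: the one UNC share exposed for this purpose (placeholder value in Main).
    // account:   must be resolvable from the machine running this code, e.g. DOMAIN\user.
    public static string CreateSubfolder(string shareRoot, string name, string account)
    {
        // Accept a single folder name only: no separators, drive letters, "." or "..".
        if (string.IsNullOrEmpty(name) || name.Trim('.', ' ').Length == 0
            || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Folder name must be one plain path segment.", "name");

        // Resolve the final path and confirm it is still inside the share.
        string root = Path.GetFullPath(shareRoot).TrimEnd('\\') + "\\";
        string target = Path.GetFullPath(Path.Combine(root, name));
        if (!target.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Resolved path leaves the share.", "name");

        DirectoryInfo dir = Directory.CreateDirectory(target);

        // Grant only Modify (not FullControl), inherited by files and subfolders.
        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(account),
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dir.SetAccessControl(acl);
        return target;
    }

    static void Main()
    {
        // Constructed sample values, not taken from the thread.
        Console.WriteLine(CreateSubfolder(@"\\fileserver\projects", "reports", @"EXAMPLE\jdoe"));
    }
}
```

The identity running this code needs create rights on the share and on the underlying NTFS folder; keeping those rights scoped to that one share limits what a bad folder name or a compromised web application can reach.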
