«

I have an asp.net app that is using .Net remoting (tcp/binary).

I am using Integrated Windows Authentication and will be authenticating
against active directory.

I will then need to use the ADSI DirectoryEntry and/or DirectorySearch to
get the groups the user is in.

Is there a way to pass the users security context that I get back from AD
over to the remoting server so that I can do the searching from there?

Thanks.

STom

Hi!,

How exactly is your app performing authentication using win auth?
are you using SSPI and a custom channel? if you're authenticating the user
at the client, you should do it at the server instead.
you should use SSPI and authentication will be done at the remoting server,
and then you'll have the context there.

if you think I'm missing sthg, let me know.
bye

"STom" <> wrote in message
news:...
> I have an asp.net app that is using .Net remoting (tcp/binary).
>
> I am using Integrated Windows Authentication and will be authenticating
> against active directory.
>
> I will then need to use the ADSI DirectoryEntry and/or DirectorySearch to
> get the groups the user is in.
>
> Is there a way to pass the users security context that I get back from AD
> over to the remoting server so that I can do the searching from there?
>
> Thanks.
>
> STom
>
>

The authentication is being performed automatically by using Integrated
Windows Security, therefore there is no reason to do this on the server
side.

We have figured out that we do not need to pass the security context to the
server to do what we need to do, but thanks for your answer anyway.

lw
"Hernan Ochoa" <> wrote in message
news:%233pY$...
> Hi!,
>
> How exactly is your app performing authentication using win auth?
> are you using SSPI and a custom channel? if you're authenticating the user
> at the client, you should do it at the server instead.
> you should use SSPI and authentication will be done at the remoting
server,
> and then you'll have the context there.
>
> if you think I'm missing sthg, let me know.
> bye
>
> "STom" <> wrote in message
> news:...
> > I have an asp.net app that is using .Net remoting (tcp/binary).
> >
> > I am using Integrated Windows Authentication and will be authenticating
> > against active directory.
> >
> > I will then need to use the ADSI DirectoryEntry and/or DirectorySearch
to
> > get the groups the user is in.
> >
> > Is there a way to pass the users security context that I get back from
AD
> > over to the remoting server so that I can do the searching from there?
> >
> > Thanks.
> >
> > STom
> >
> >
>
>

oh, ok, so your remoting client was a webapp? sorry, I should've guessed it

mm, who does the search? the remoting server? mm, well, I don't actually
understand exactly what you're
doing, but if your remoting server is not requiring any kind of
authentication/authz, I'd shtg about that.

bye!


"STom" <> wrote in message
news:%...
> The authentication is being performed automatically by using Integrated
> Windows Security, therefore there is no reason to do this on the server
> side.
>
> We have figured out that we do not need to pass the security context to
the
> server to do what we need to do, but thanks for your answer anyway.
>
> lw
> "Hernan Ochoa" <> wrote in message
> news:%233pY$...
> > Hi!,
> >
> > How exactly is your app performing authentication using win auth?
> > are you using SSPI and a custom channel? if you're authenticating the
user
> > at the client, you should do it at the server instead.
> > you should use SSPI and authentication will be done at the remoting
> server,
> > and then you'll have the context there.
> >
> > if you think I'm missing sthg, let me know.
> > bye
> >
> > "STom" <> wrote in message
> > news:...
> > > I have an asp.net app that is using .Net remoting (tcp/binary).
> > >
> > > I am using Integrated Windows Authentication and will be
authenticating
> > > against active directory.
> > >
> > > I will then need to use the ADSI DirectoryEntry and/or DirectorySearch
> to
> > > get the groups the user is in.
> > >
> > > Is there a way to pass the users security context that I get back from
> AD
> > > over to the remoting server so that I can do the searching from there?
> > >
> > > Thanks.
> > >
> > > STom
> > >
> > >
> >
> >
>
>