determine trusted domain with windows authentication

 
 
Jerry N
      07-08-2006
I am planning on using Windows authentication for a web page. I've added
these lines to my web.config file:

<identity impersonate="true"/>
<authentication mode="Windows" />

And I can view the name with:

void Page_Load(object sender, EventArgs e) {
    if (User.Identity.IsAuthenticated) {
        lblIdentity.Text = "The current user is " + User.Identity.Name;
    } else {
        lblIdentity.Text = "The current user is not authenticated.";
    }
}

So my question is, how can I authenticate the "Domain" from the
User.Identity.Name property? I was going to split the "Domain\Username"
value to get the domain name but I don't want a remote Windows client to
spoof the domain name. I'm also hoping to avoid hardcoding the valid domain
names and use Active Directory to validate them.

Any ideas?

Thanks,
Jerry N


 
Joe Kaplan (MVP - ADSI)
      07-08-2006
The domain name in the user name is formed by Windows authentication based
on how Windows translates the user's SID into an NT-format name, not by
input data, so you don't need to worry about it being spoofed by the user.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
 
Jerry N
      07-09-2006
Thanks, I thought it was created using tokens but the domain name is still
determined by a [system admin] user. Can I determine if the security
token came from a trusted domain? How many 'WORKGROUP' or 'MSHOME'
workgroups/domains are there?

Jerry

 
Joe Kaplan (MVP - ADSI)
      07-09-2006
Windows authentication will only authenticate users it trusts. That would
mean that only local machine users, users in the machine's domain and users
in trusted domains will be authenticated.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
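
Added example, not part of the original posts: one way to check the caller's domain without parsing the "Domain\Username" string or hardcoding names is to compare the domain portion of the authenticated user's SID with the domain SIDs that Active Directory records. It assumes a domain-joined server whose process identity can read the directory; TrustedDomainCheck, LoadAcceptedDomains and ResolveDomain are hypothetical names, and only direct trusts stored as trustedDomain objects are covered.

```csharp
// Added example, not code from the thread. Class and method names are hypothetical.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

public static class TrustedDomainCheck
{
    // Domain SIDs the server's domain accepts: its own SID plus the SID of every
    // directly trusted domain recorded as a trustedDomain object in the directory.
    // Assumption: the machine is domain-joined (GetComputerDomain throws otherwise).
    public static Dictionary<SecurityIdentifier, string> LoadAcceptedDomains()
    {
        var accepted = new Dictionary<SecurityIdentifier, string>();
        using (Domain domain = Domain.GetComputerDomain())
        using (DirectoryEntry root = domain.GetDirectoryEntry())
        {
            accepted[new SecurityIdentifier((byte[])root.Properties["objectSid"].Value, 0)] = domain.Name;
            // Bit 0x2 of trustDirection marks an outbound trust: this domain trusts the other one.
            string filter = "(&(objectClass=trustedDomain)(trustDirection:1.2.840.113556.1.4.803:=2))";
            using (var searcher = new DirectorySearcher(root, filter, new[] { "securityIdentifier", "flatName" }))
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    // Trusts without a SID or NetBIOS name (e.g. non-Windows realms) are skipped.
                    if (r.Properties["securityIdentifier"].Count == 0 || r.Properties["flatName"].Count == 0)
                        continue;
                    var sid = new SecurityIdentifier((byte[])r.Properties["securityIdentifier"][0], 0);
                    accepted[sid] = (string)r.Properties["flatName"][0];
                }
            }
        }
        return accepted;
    }

    // Returns the directory's name for the caller's domain, or null for local machine
    // accounts, well-known SIDs and any domain SID that is not in the accepted set.
    public static string ResolveDomain(WindowsIdentity identity, IDictionary<SecurityIdentifier, string> accepted)
    {
        SecurityIdentifier domainSid = identity.User == null ? null : identity.User.AccountDomainSid;
        string name;
        return domainSid != null && accepted.TryGetValue(domainSid, out name) ? name : null;
    }
}
```

In a page, User.Identity can be cast to WindowsIdentity and passed to ResolveDomain; loading the accepted set once at application start avoids running the directory query under each impersonated user.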