Comments on: Active Directory Authentication Part II http://mike.brevoort.com/2008/09/27/active-directory-authentication-part-ii/ life technology etc Mon, 12 Jul 2010 13:14:09 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Mike http://mike.brevoort.com/2008/09/27/active-directory-authentication-part-ii/comment-page-1/#comment-185 Mike Wed, 05 Nov 2008 14:32:05 +0000 http://mike.brevoort.com/?p=113#comment-185 Joao, yes this makes sense. As you said there must be a trust set up between all of the domains of the users trying to authenticate. I'm not quite following the last thing you said though about authenticating to these LDAP servers using basic credentials and not knowing who the user is. Are you still trying to get IWA to work while manually attempting to resolve who the user is to there other domains? In that case, yes it makes sense why that doesn't work. Thanks, Mike Joao,

yes this makes sense. As you said there must be a trust set up between all of the domains of the users trying to authenticate. I’m not quite following the last thing you said though about authenticating to these LDAP servers using basic credentials and not knowing who the user is. Are you still trying to get IWA to work while manually attempting to resolve who the user is to there other domains? In that case, yes it makes sense why that doesn’t work.

Thanks,
Mike

]]> By: Joao Afonso http://mike.brevoort.com/2008/09/27/active-directory-authentication-part-ii/comment-page-1/#comment-184 Joao Afonso Tue, 04 Nov 2008 16:36:15 +0000 http://mike.brevoort.com/?p=113#comment-184 Hi! I really liked your article! I'm implementing a very similar scenario for a web application that is accessed by users from different domains and DCs. In the first part you mentioned the words 'auto-login', which caught my attention since that's the way we're trying to go. Like in your case, we're using IIS with Integrated windows authentication to bypass the authentication phase of the login process. The problem is, because the other domains are not trusted inside the webserver's AD, we can't validate the users trying to log-in. IIS simply denies access to them. Even if we try to find the users credentials in the any of the available LDAP servers (using a fixed user/pwd for navigation) we still have the problem of not knowing who the user is. Does this make any sense to you?... Thanks! Hi!

I really liked your article! I’m implementing a very similar scenario for a web application that is accessed by users from different domains and DCs.

In the first part you mentioned the words ‘auto-login’, which caught my attention since that’s the way we’re trying to go.

Like in your case, we’re using IIS with Integrated windows authentication to bypass the authentication phase of the login process.

The problem is, because the other domains are not trusted inside the webserver’s AD, we can’t validate the users trying to log-in. IIS simply denies access to them.

Even if we try to find the users credentials in the any of the available LDAP servers (using a fixed user/pwd for navigation) we still have the problem of not knowing who the user is.

Does this make any sense to you?…

Thanks!

]]> By: Active Directory Authentication Part I http://mike.brevoort.com/2008/09/27/active-directory-authentication-part-ii/comment-page-1/#comment-163 Active Directory Authentication Part I Sat, 27 Sep 2008 06:20:32 +0000 http://mike.brevoort.com/?p=113#comment-163 [...] FINALLY posted a follow-up to this here Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...] [...] FINALLY posted a follow-up to this here Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...]

]]>