piyushdabomb
asked on
Authenticating a user in Active Directory (AD) from an External Site
Hi,
Currently at work, users are authenticated within the company at http://www.xxxx.com
We just purchased http://www.yyyy.com from a 3rd party host. What I want to do is work towards building an internal company site with all the most frequently used material and sites by everyone on http://www.yyyy.com. However, for them to be able to get to the site, they need to be authenticated via the Active Directory from http://www.xxxx.com which is the "MAIN" company website.
I have all the AD LDAP strings but the issue is that I don't know how to do this. Yes, I know the workaround is to store everyone's usernames and passwords in a database and query against that, but because people leave the company and join at rates unimaginable, it will be very hard for us to keep updating the database, which is why we just said... "you know what, let's rely on AD"
How do we do this! Help out please.
On the website you remove anonymous authentication and use integrated Windows authentication.
Is the new website hosted on the same server? If not, is it on the domain?
What language are you using -- I have the syntax for PHP and may be able to point ya in the right direction for .NET or others
ASKER
It's on 2 different domains and 2 different servers!
I can use PHP, ASP, or ASP.NET...whatever works. Even if I don't have the experience, I'll figure it out.
Do you have 2-way trust between those domains? If you have, then users in both domains can use both websites.
ASKER
I can somehow get the 2way trust. I know that the domain I bought has trust... but the company website 'can' get trust after speaking with a few folks.
How do I get users in both domains using both websites? Where does authentication play a part?
ASKER
Team,
Will the code work on 2 different servers? All I really need is 1 way trust into my company server. I don't need authentication the other way (and I'm sure I can get that).
Can someone point me in the right direction with this?
As far as trust, sounded like one-way is what you need and there shouldn't be a problem to create one-way trust.
ASKER
Okay guys...so we changed the way we are going to deal with this just because we can't get any TRUSTS whatsoever.
I have a list of IP addresses we can work with and so I'm thinking about placing the IP addresses into a database and querying off of that. If the user's IP address is NOT found in the list, they can't login.
Anyone know how to determine the IP address of a user?
I can give another solution: create local users on the webserver with some random passwords.
On the website folder directory, add these users and give read permissions or the same as domain user permissions. Give the user names and passwords to the other users in the domain.
ASKER
mboppe,
I already thought of that. The hassles with building a database with user names and passwords comes during maintenance depending on who leaves the company and who doesn't!
ASKER
Check this out:
If you go to http://www.cebdata.com/Solutions_Site/Auth.asp
The first line will tell you if you were authenticated or not.
Let me know if it tells you that you were authenticated. You should NOT be!
ASKER
Excellent!
That's all I need to know. I was able to write a little ASP to ban users who aren't part of certain IPs from logging in. Only those in the space of our IP sites can log in.
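The IP allowlist approach the thread settles on, as an added example in PHP (one of the languages offered above); it is not the asker's ASP and not code from any answer in the thread. The address ranges, the `TRUSTED_PROXIES` entry and the function names are assumptions made up for illustration.

```php
<?php
// All addresses below are constructed (documentation ranges).
const ALLOWED_RANGES  = ['192.0.2.0/24', '198.51.100.17/32', '2001:db8:10::/48'];
const TRUSTED_PROXIES = ['203.0.113.5/32']; // hypothetical reverse proxy of ours

// True if $ip lies inside $cidr; IPv4 and IPv6, compared as packed bytes.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // malformed address, or IPv4 compared against IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // reject "/", "/x", "/33" instead of treating them as /0
    }
    $bits = $bits === null ? $max : (int) $bits;
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    $rem  = $bits % 8;        // leftover prefix bits in the next byte
    return substr($ipBin, 0, $full) === substr($netBin, 0, $full)
        && ($rem === 0 || ((ord($ipBin[$full]) ^ ord($netBin[$full])) >> (8 - $rem)) === 0);
}

function in_any(string $ip, array $ranges): bool
{
    return (bool) array_filter($ranges, fn($r) => ip_in_cidr($ip, $r));
}

// REMOTE_ADDR is the TCP peer. X-Forwarded-For is client-supplied text, so use it
// only when the peer is our own proxy, and then only the entry that proxy appended.
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    return (end($hops) !== '' && in_any($peer, TRUSTED_PROXIES)) ? end($hops) : $peer;
}

$requests = [ // constructed: direct hit, forged header from outside, via our proxy
    ['REMOTE_ADDR' => '192.0.2.44'],
    ['REMOTE_ADDR' => '198.51.100.99', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44'],
    ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 2001:db8:10::7'],
];
foreach ($requests as $r) {
    echo client_ip($r), ' => ', in_any(client_ip($r), ALLOWED_RANGES) ? 'allow' : 'deny', "\n";
}
```

An allowlist like this restricts which networks a request may come from; it does not identify which user is making it, so everyone behind an allowed address is treated the same.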