rashkae
asked on
IIS cross-domain authentication using member groups in ASP
Hi all,
I'm having an issue that I'm sure has come up before, and I've found several explanations, but I'm just having a hard time getting things to work/figuring out what the best solution is.
I have an ASP web app sitting on a Domain1 server. Users from Domain2 will access the site, and I need to authenticate them against the Domain2 AD. I need to also retrieve their group memberships, as this will determine their access rights on the site. All this works perfectly as a standalone VBScript (of course) but not in ASP.
From what I've seen so far (and PLEASE correct me if I'm wrong), there are 2 options:
1. Implement something using Basic authentication rather than Windows authentication. (the password being sent in clear is an issue here)
2. Use an ISAPI filter (from where???)
When I try to implement basic authentication, I can successfully retrieve the user's full DN (yaaay!) but cannot access the group membership data. I get this error:
Active Directory Error '8000500d'
The directory property cannot be found in the cache.
Then it indicates this line of code:
objMemberOf = objUser.GetEx("memberOf")
When I ran all this in a single-domain environment, it worked fine...
Any ideas? It can't be this hard... :(
Well if it's any consolation, the behavior of the domains is to make things more secure. Cheers.