Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 479
  • Last Modified:

IIS cross-domain authentication using member groups in ASP

Hi all,

I'm having an issue that I'm sure has come up before, and I've found several explanations, but I'm just having a hard time getting things to work/figuring out what the best solution is.

I have an ASP web app sitting on a Domain1 server. Users from Domain2 will access the site, and I need to authenticate them against The Domain2 AD. I need to also retrieve their group memberships, as this will determine their access rights on the site. All this works perfectly as a standalone VBScript (of course) but not in ASP.

From what I've seen so far (and PLEASE correct me if I'm wrong), there are 2 options:

1. Implement something using Basic authentication rather than Windows authentication. (the password being sent in clear is an issue here)

2. Use an ISAPI filter (from where???)

When I try to implement basic authentication, I can successfully retrieve the user's full DN (yaaay!) but cannot access the group membership data. I get this error:

Active Directory Error '8000500d'

The directory property cannot be found in the cache.

Then it indicates this line of code:
objMemberOf = objUser.GetEx("memberOf")

When I ran all this in a single-domain environment, it worked fine...

any ideas? It can't be this hard...   :(
0
rashkae
Asked:
rashkae
  • 2
1 Solution
 
Ted BouskillSenior Software DeveloperCommented:
You have to have a trust relationship between Domain1 and Domain2.  Domain1 has to trust Domain2.
0
 
rashkaeAuthor Commented:
Well, sadly, that's not entirely possible as we're talking 2 different security zones. Domain1 is a neutral zone between 4 domains. Sigh
0
 
Ted BouskillSenior Software DeveloperCommented:
Well if it's any consolation, the behavior of the domains is to make things more secure.  Cheers.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now