IIS cross-domain authentication using member groups in ASP

Hi all,

I'm having an issue that I'm sure has come up before, and I've found several explanations, but I'm just having a hard time getting things to work/figuring out what the best solution is.

I have an ASP web app sitting on a Domain1 server. Users from Domain2 will access the site, and I need to authenticate them against the Domain2 AD. I also need to retrieve their group memberships, as this will determine their access rights on the site. All this works perfectly as a standalone VBScript (of course) but not in ASP.

From what I've seen so far (and PLEASE correct me if I'm wrong), there are 2 options:

1. Implement something using Basic authentication rather than Windows authentication. (the password being sent in clear is an issue here)

2. Use an ISAPI filter (from where???)

When I try to implement basic authentication, I can successfully retrieve the user's full DN (yaaay!) but cannot access the group membership data. I get this error:

Active Directory Error '8000500d'

The directory property cannot be found in the cache.

Then it indicates this line of code:
objMemberOf = objUser.GetEx("memberOf")

When I ran all this in a single-domain environment, it worked fine...

Any ideas? It can't be this hard... :(
rashkae Asked:
Ted Bouskill (Senior Software Developer) Commented:
You have to have a trust relationship between Domain1 and Domain2.  Domain1 has to trust Domain2.
rashkae (Author) Commented:
Well, sadly, that's not entirely possible as we're talking 2 different security zones. Domain1 is a neutral zone between 4 domains. Sigh
Ted Bouskill (Senior Software Developer) Commented:
Well if it's any consolation, the behavior of the domains is to make things more secure.  Cheers.