
asp.net and windows authentication help


    #11
    Originally posted by suityou01
    Your client is not quite understanding windows security.

    Your external users will be authenticated on the external AD. You will have no access to this from your internal AD unless a domain trust exists.

    For SSO to work, your external users need to be authenticated on the domain. VPN access or some such. Once they are authenticated on the domain, they will receive a token, which contains the SID.

    For info, your user's SID and SamAccountName are cached in the IIS metabase. So if a user changes their name, SSO will break for them until you flush the cache on IIS, either by bouncing the box, restarting the w3c, restarting the app pool or logging in on that box with the user account that has changed.

    asp.net - IIS Returning Old User Names to my application - Stack Overflow

    This is what I keep telling them...but I think the middle man is the problem. All I get back is that the app must hit both ADs. Anyway I think I can hack something akin to what I was describing above..with the fake authentication, then an AD check, then a revoke if necessary.

    I've been on this three days now..it was only scheduled for four!

    middle man is the "architect"..he's got far less experience than me and he's an arts grad who pretends to be a programmer. the most annoying bit is that all the code is vb.net...so it takes twice as much text to do everything.
    McCoy: "Medical men are trained in logic."
    Spock: "Trained? Judging from you, I would have guessed it was trial and error."



      #12
      Originally posted by lilelvis2000
      This is what I keep telling them...but I think the middle man is the problem. All I get back is that the app must hit both ADs. Anyway I think I can hack something akin to what I was describing above..with the fake authentication, then an AD check, then a revoke if necessary.

      I've been on this three days now..it was only scheduled for four!

      middle man is the "architect"..he's got far less experience than me and he's an arts grad who pretends to be a programmer. the most annoying bit is that all the code is vb.net...so it takes twice as much text to do everything.
      [1] Kerching
      [2] Ah. Kerching.
      [3] Mmmm. Kerching.
      [4] Keeeeeeeeeeeeeeeeeeeerching.

      Knock first as I might be balancing my chakras.



        #13
        Originally posted by suityou01
        [1] Kerching
        [2] Ah. Kerching.
        [3] Mmmm. Kerching.
        [4] Keeeeeeeeeeeeeeeeeeeerching.

        What it is is frustration.

        I am told that as they are a global company trust can't happen. Well there goes the project then.
        McCoy: "Medical men are trained in logic."
        Spock: "Trained? Judging from you, I would have guessed it was trial and error."



          #14
          Originally posted by lilelvis2000
          What it is is frustration.

          I am told that as they are a global company trust can't happen. Well there goes the project then.
          No. Dry your eyes and start doing something about it. I would suggest putting together an options paper (don't forget a do nothing option).

          Compare and contrast your options. Let the business decide. If they choose an option that is loads of work and reinventing the wheel. Keeeeeeeeeeeeeeeeeeeeeeeerching.

          If they choose to introduce domain trusts on the back of your option paper, then you have a great little war story for a future interview.

          You are more in control than you realise.
          Knock first as I might be balancing my chakras.



            #15
            Originally posted by suityou01
            No. Dry your eyes and start doing something about it. I would suggest putting together an options paper (don't forget a do nothing option).

            Compare and contrast your options. Let the business decide. If they choose an option that is loads of work and reinventing the wheel. Keeeeeeeeeeeeeeeeeeeeeeeerching.

            If they choose to introduce domain trusts on the back of your option paper, then you have a great little war story for a future interview.

            You are more in control than you realise.
            I finally managed to crack the middle man nut. He finally came round and has said that he "believes" there is a trust and is speaking to their internal dev department about the setup.

            If that happens then I can at least simulate things with a local setup. All I'd need to do is get some name/email info from the AD, and web.config can handle the group authorisation.

            Should have the details by end of day...which is almost here. Hmmmm..

            Well, at least I got to work on my tan today! even if I earned £0..
            McCoy: "Medical men are trained in logic."
            Spock: "Trained? Judging from you, I would have guessed it was trial and error."
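
Added example, not code from any poster in this thread: the thread talks about the SID carried in the Windows token, account names going stale after a rename, and pulling name/email from AD across two directories. This C# sketch (the same .NET classes are usable from VB.NET) keys the lookup on the SID rather than the account name and tries each domain in turn; the domain names and the `DirectoryUser`/`DirectoryLookup` types are hypothetical placeholders.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical result type for this example.
public sealed class DirectoryUser
{
    public string Sid, Domain, SamAccountName, DisplayName, Email;
}

public static class DirectoryLookup
{
    // Placeholder domain names (assumptions): the internal and the external AD.
    static readonly string[] Domains = { "internal.example", "external.example" };

    // In the ASP.NET app, pass: HttpContext.Current.User.Identity as WindowsIdentity
    public static DirectoryUser Resolve(WindowsIdentity identity)
    {
        if (identity == null || !identity.IsAuthenticated || identity.User == null)
            return null;

        // The SID in the token does not change when the account is renamed,
        // so it is the stable key; names are read fresh from the directory.
        string sid = identity.User.Value;

        foreach (string domain in Domains)
        {
            try
            {
                using (var ctx = new PrincipalContext(ContextType.Domain, domain))
                using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid))
                {
                    if (user == null) continue; // SID is not from this domain

                    return new DirectoryUser
                    {
                        Sid = sid,
                        Domain = domain,
                        SamAccountName = user.SamAccountName,
                        DisplayName = user.DisplayName,
                        Email = user.EmailAddress
                    };
                }
            }
            catch (PrincipalServerDownException)
            {
                // Domain not reachable from this server: try the next one.
            }
        }
        return null; // authenticated but found in neither directory: deny by default
    }
}
```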
