
Summary

We explored three different techniques for authenticating against Active Directory and ADAM. While we did not directly cover the LogonUser API, it is also a valid option to consider. Table 12.1 summarizes the four choices by platform and version of .NET.

Table 12.1. Authentication Options Matrix

| Operating System | .NET Version 2.0 | .NET Version 1.1 |
|---|---|---|
| Windows 2000 | SSPI[a], SDS.P, SDS | SDS |
| Windows 2003/XP ADAM | SDS.P, SDS | SDS |
| Windows 2003 | SSPI[a], SDS.P, LogonUser[a], SDS | SDS, LogonUser[a] |

[a] Runs on client, not server.

We can make a couple of observations from this table. First, SDS.P is probably going to be our most compatible and perhaps best-performing choice across all platforms with version 2.0. However, the performance depends a bit on whether fast concurrent binding will be supported on our client and server. Regardless, it is a pretty good choice.
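As an added example (not code from the book), the SDS.P option with the fast concurrent bind dependency mentioned above: the option is requested once, and when the client or server refuses it, binds on the shared connection are serialized instead. The class name, the LDAPS requirement and the empty-password check are assumptions of this example, and it uses a C# 6 exception filter.

```csharp
// Added example, not from the book. Class name and the LDAPS requirement are assumptions.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public sealed class LdapAuthenticator : IDisposable
{
    private const int InvalidCredentials = 49;   // LDAP result code for a failed bind
    private readonly LdapConnection _connection;
    private readonly object _bindLock = new object();
    private readonly bool _fastConcurrentBind;
    public bool FastConcurrentBindEnabled { get { return _fastConcurrentBind; } }

    public LdapAuthenticator(string server, int ldapsPort)
    {
        _connection = new LdapConnection(new LdapDirectoryIdentifier(server, ldapsPort));
        _connection.AuthType = AuthType.Basic;                // simple bind sends the password itself,
        _connection.SessionOptions.SecureSocketLayer = true;  // so only allow it over SSL/TLS
        _connection.SessionOptions.ProtocolVersion = 3;
        try
        {
            _connection.SessionOptions.FastConcurrentBind();
            _fastConcurrentBind = true;
        }
        catch (PlatformNotSupportedException) { }  // client OS does not support the option
        catch (DirectoryException) { }             // server rejected the option
    }

    public bool Authenticate(string userName, string password)
    {
        // A simple bind with an empty password can be accepted as an anonymous bind.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        if (_fastConcurrentBind) return TryBind(userName, password);
        lock (_bindLock) { return TryBind(userName, password); }  // a normal bind changes connection state
    }

    private bool TryBind(string userName, string password)
    {
        try
        {
            _connection.Bind(new NetworkCredential(userName, password));
            return true;
        }
        // Only result code 49 means "wrong credentials"; outages and TLS failures propagate.
        catch (LdapException ex) when (ex.ErrorCode == InvalidCredentials) { return false; }
    }

    public void Dispose() { _connection.Dispose(); }
}
```

Letting every error other than code 49 propagate keeps a directory outage from being logged as a run of failed logons.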

For version 1.1, we can see that only SDS is universal across all the platforms. The biggest problem, of course, is that this solution does not scale well. For small applications, SDS will be fine using version 1.1. Larger applications will need to consider writing a custom SSPI solution using managed C++ for Active Directory, or perhaps a native LDAP component for ADAM. Since these two options would be significantly more difficult, we do not show them as options in Table 12.1.

While LogonUser can also be used on Windows 2000 clients against any version of Active Directory, we do not recommend using it unless it is called from Windows 2003 or XP clients, because on Windows 2000 it essentially must run as SYSTEM. Keeping in mind the limitations based on platform (e.g., LogonUser) and version of the framework (e.g., SDS.P), this chapter and Table 12.1 should give you some useful guidance on which authentication method is appropriate for your own application.




The .NET Developer's Guide to Directory Services Programming
ISBN: 0321350170
EAN: 2147483647
Year: 2004
Pages: 165
