Using Active Directory to get users credentials

[7jgru1]

We have an ASP.net application that connects to a list of servers and checks the C drive for a specific person's profile. The problem that we are having is that we can not get the application to use the users credentials (needed to have access the C drive), so we are forced to hard code the user name and password in IIS. This also could be done in the ASP.net app. We don't feel that this is a secure solution. What we want to do is pull the user's credentials from Active Directory and some how pass that into the app.

We have tried the following in the web.config:

Windows authentication mode
identity impersonate="true"

If we set identity impersonate="true" and add the username and password, the app works, but once again we don't feel that this is a secure method. Now if we could pull the username and password from Active Directory and pass it into, as a variable, the identity impersonate line that would be great, but we are not sure of a way to accomplish this. Any help would be much appreciated.

 

[jbenson001]

Google is your friend:

http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx

 

[7jgru1]

Thanks for the response. We did look this article over yesterday, but we were trying to find something that didn't entail adding a login page. I should have mentioned that we are using VB.net as the programming language. If this is the only way to get what we need then we'll just have to make this work. Thanks again.

 

[jbenson001]

Well how else would you authenticate a user if you don't have a page for them to enter their login information?

 

[7jgru1]

We have another application that we purchased from an outside source that allows a user to view reports online. This product uses Active Directory (LDAP) to log you in. When you open the application, it pulls your information from Active Directory, so there technically is no login page. We were hoping to do something similar. I'm not a network admin so I know very little about how Active Directory works. We wanted to see if anyone else had this same issue and found a solution. Like I said, I have know problem using a login page if need be.

 

[jbenson001]

When you open the application, it pulls your information from Active Directory, so there technically is no login page.

How can it pull my specific information in, if I don't put a user name and password?. The answer: IT CAN'T. There is no magic happening anywhere.

We use AD where I work, for my credentials when I log into my laptop, for my access to the Exchange server, etc. At some point, I have to enter my username and password. There is no way around it.

 

[MarkSweetland]

The application in IIS has to be set to use Windows authentication and not allow anonymous access. That will cause IIS to validate the client credentials in the domain. Plus you'll have to set the NTFS permissions on the server directory to allow those users access either by explicit user, or by AD group.


Mark

"You guys pair up in groups of three, then line up in a circle."
- Bill Peterson, a Florida State football coach

 

[shaunk]

Just a thought.

If its only for the one user, setup their id and password in the appsettings section and then encrypt the web.config file.
You can then access their credentials from appsettings via the usual techniques, then use impersonation.


There has to be a pony in this pile of s*%t somewhere.