| Gonenc Ercan 2004-02-24, 9:34 am |
| Hi,
Well my problem is that I have an Intranet web site in an windows 2000
domain with an IIS 5.0 web server. I have Integrated Authentication checked
and all the others unchecked. If I am not missing a point what happens on
this setting is that, the user sends its credentials. web server contacts
the AD using kerberos and gets a Ticket Granting Ticket for the web server,
which enables the user to authenticate only to the web server. on my ASP
pages I want to also show the other users in an Organization Unit etc.. (in
other words i want to query AD). In theory i thought that by using
integrated Authentication I was actually using the browsers account while
querying the AD but i found out that it wasnt the case. When the
administrators disabled Anonymous Querying to AD my scripts stopped working
and I have lots of ASP scripts which gets Access denied errors. In my code I
am connecting with;
con.Open "ADs Provider" , "user", "password"
Although it seems that the password is authenticated (I have tried a wrong
password, this also gives Access Denied even if the anonymous querying of AD
is permitted) the querying is done through an different account. (apperantly
from the Event logs it seems that it is using the Local SYSTEM Account). I
have tried checking Anonymous Access and specifying the user for executing
ASP scripts with an domain account which has rights to query (from IIS
Configuration directory sec.) and it worked even when the Anonymous querying
is not permitted. But I cant do that since I need Integrated Authentication
enabled (to authenticate to the web server). So is there a way to query the
AD with a specified user. isnt specifying the user in con.open as above
enough to do this? How will i specify the user to use while querying the
server.
If there are some unclear points I can provide more detail. Thanx in advance
Gonenc Ercan
|