IIS Server Security - Authentication using Distinguished name instead of Certificates...

Author

Authentication using Distinguished name instead of Certificates...

Daniel Corbett

2005-12-02, 5:53 pm

I need to authenticate against active directory and log a user on to
Sharepoint. In order to reduce SSL load and support edge server caching we
are using a persistant shared SSL connection. My code will be searching
active directory using the distinguished name from the origional user
certificate to determine the correct user account and then logging on the
user. However, I do not have the "password" in plain text.

How can I logon / impersonate the user / grab the appropriate "ticket"
without the password?

This is what IIS does when it does certificate based login, however, in this
case, I do not have the full certificate.

Any suggestions, please?

Yuan Ren[MSFT]

2005-12-05, 2:49 am

Hi,

Welcome to Microsoft newsgroup!

>How can I logon / impersonate the user / grab the appropriate "ticket"
without the password?
>¡_
>"This is what IIS does when it does certificate based login, however, in
this case, I do not have the full certificate."

IIS has client certificate authentication. However in this scenario, we do
need to provide each authenticated user account's password which is stored
into IIS metabase. The below article explains how this feature works in IIS
5.0:
http://support.microsoft.com/defaul...;313070&sd=tech

>"I need to authenticate against active directory and log a user on to
Sharepoint. In order to reduce SSL load and support edge server caching we
are using a persistant shared SSL connection."

I'm not very clear about what you want to achieve. Could you please explain
the whole scenario more clearly? It sounds like you want to implement a
pass-through authentication feature by yourself? What authentication method
you want to use? Is SSL used for encryption only or you also want it to
implement client cert authentication?

Regards,

Yuan Ren [MSFT]
Microsoft Online Support