Non-Domain IIS server authenticate on domain?


Solution 1

I ran into a similar requirement when trying to figure out how to leverage Active Directory for BlogEngine.NET. After spending some time researching I was able to use Active Directory user accounts with the Basic Authentication .NET Membership framework.

This worked on my domain member web server but could easily work for non-domain member servers assuming you add the username and password to the configuration section of the web.config.

From my blog post about how to configure:

Add an entry into the <connectionStrings> section pointing to your domain controller.

<add name="ADConnectionString" connectionString="LDAP://server.domain.com/DC=domain,DC=com" />

Notice the first part of the LDAP:// syntax specifies the name of the domain controller (server.domain.com). You have a couple of options here. You can specify the Fully Qualified Domain Name as shown in the example; you can specify the relativeDistinguishedName (ex. server); you can specify the IP Address of the domain controller (ex. 192.168.1.10); or for more redundancy you can specify just the domain name (ex. domain.com).

Make your <membership> section look like the following:

<membership defaultProvider="MyADMembershipProvider">
      <providers>
        <add name="MyADMembershipProvider"
                 type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="ADConnectionString"
                 attributeMapUsername="sAMAccountName"
                 enableSearchMethods="true"/>
      </providers>
</membership>

You will notice that I did not configure a username and password for connecting into Active Directory. That's because I am running BlogEngine on a domain member server and the IIS services are running under an application pool using the Network Service account. If you must use explicit credentials then you can add connectionUsername and connectionPassword to the MyADMembershipProvider entry with the appropriate information.

Solution 2

I'd recommend using an LDAPS call if possible instead of LDAP. I'd also recommend using SSL if you're going to start passing your domain passwords in plain text.
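As an added example that is not part of either answer above, the following web.config fragment combines Solution 1's provider configuration with Solution 2's advice to use LDAPS, set up for the non-domain-member case the question asks about (explicit bind credentials instead of the Network Service identity). The domain controller name dc1.corp.example.com, the domain corp.example.com, the service account CORP\svc-ldap-bind, its placeholder password and the Forms-authentication login page are assumed values chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>

  <connectionStrings>
    <!-- Assumed DC and domain. Port 636 is LDAPS: the IIS host (a workgroup
         machine here) must trust the CA that issued the DC's certificate,
         or the bind fails before any credential is sent. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc1.corp.example.com:636/DC=corp,DC=example,DC=com" />
  </connectionStrings>

  <system.web>

    <!-- Forms auth over HTTPS only, so the user's domain password never
         crosses the wire to IIS in clear text. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" timeout="30" />
    </authentication>

    <!-- Anonymous users are denied everything; authenticated AD users get in. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear />
        <add name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="CORP\svc-ldap-bind"
             connectionPassword="CHANGE-ME-placeholder"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="false" />
      </providers>
    </membership>

  </system.web>
</configuration>
```

Two points a practitioner will want to check. First, the bind account needs no privilege beyond reading user objects, and enableSearchMethods is left off because a login page only needs ValidateUser, not directory enumeration. Second, the password sits in clear text in web.config, so encrypt that section on the server with the framework's own tool (for example aspnet_regiis -pe "system.web/membership" -app "/BlogEngine", and the same for "connectionStrings") and restrict NTFS read access on the file to the application pool identity.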

Author: SpaceManSpiff


Updated on September 17, 2022

Comments

  • SpaceManSpiff

    I have an IIS server that is a stand-alone server, not on the domain.

    So that users don't have to log in to a local user database, can I have the IIS server authenticate users against the domain controller, or at least have the user's login name passed through to the IIS application?

    It can be assumed that users will trust the website.