Well, if you want Kerberos to work and use the AD to validate access
rights you would be better off using LDAP. The proxy/firewall
configuration is just something you have to work with, it's not that
hard to set up.

Though I do not understand why you suggest using session variables,
those are a big NO-NO if you want to build a scaleable application. I
haven't used session variables for over three years and I'm not sure
that I'll start using them again even with the new threading model and
session server in ASP.Net.

Cookies do their best in a lot of situations but they're pretty limited
when it comes to a secure application, ACL's, Kerberos tickets and
certificates are the way to go in my humble opinion.

/andreas.q3p

-----Original Message-----
From: Bill Sisemore [mailto:bill@s...] 
Sent: den 27 juli 2002 17:08
To: Security_asp
Subject: [security_asp] Re: security_asp digest: July 26, 2002

What I don't get is why would you use NT or LDAP Authentication when the

Session object and cookies work so well.  Add the fact the unheard of 
inconvenience of not being able to access protected webs (behind a 
firewall) because of NT's inability to pass native authentication 
through a proxy and you have a lot of problems.  Just use a session 
object and a cookie here and there.

Bill

-----Original Message-----
From: "Security_asp digest" <security_asp@p...>
To: "security_asp digest recipients" <security_asp@p...>
Date: Sat, 27 Jul 2002 00:04:54 +0100
Subject: security_asp digest: July 26, 2002

> -----------------------------------------------
> When replying to the digest, please quote only
> relevant material, and edit the subject line to
> reflect the message you are replying to.
> -----------------------------------------------
> 
> The URL for this list is:
> http://p2p.wrox.com/list.asp?list=security_asp
> SECURITY_ASP Digest for Friday, July 26, 2002.
> 
> 1. ADSI
> 2. RE: ADSI
> 3. RE: ADSI
> 
> ----------------------------------------------------------------------
> 
> Subject: ADSI
> From: "marc cardenas" <marclena@h...>
> Date: Fri, 26 Jul 2002 16:33:37
> X-Message-Number: 1
> 
> I've got this piece of code to create a user through ASP
> 
> Dim Computer
> Dim User
> strUser=Request.Form("username")
> strPassword=Request.Form("password")
> Set Computer = Getobject("WinNT://mcardenas")
> Set User = computer.create("User",strUser)    
> 'User.fullname = strFullname    
> User.Description = strDesc     
> call User.SetPassword(strPassword)   
> User.setinfo   
> Set User = nothing
> Set computer = nothing  
> 
> and it works but now I want to create a login screen.
> How can I check if the password match with the password for that user
> Thanks
> ----------------------------------------------------------------------
> 
> Subject: RE: ADSI
> From: "Michael Morisoli" <Michael@M...>
> Date: Fri, 26 Jul 2002 08:35:59 -0700
> X-Message-Number: 2
> 
> Marc, I went thru this exact same thing a few months back and actually
> had to call MS tech support.
> 
> The guy there sent me some code that I used to create a simple COM
> object in VB6 to handle form validation.  The nice thing about this
> code
> is that it can validate against Active Directory, Windows NT v4.0
PDC's
> or even older Windows NT v3.5x PDC's.
> 
> It uses ADSI when talking to Active Directory and has to resort to
some
> low level Windows API calls for NT.
> 
> If you like, I would be happy to send you a zip file of my code.  It
is
> all in VB6, do you have that?
> 
> Contact me directly if you would like the code.  Michael@M...
> 
> Mike
> 
> -----Original Message-----
> From: marc cardenas [mailto:marclena@h...]
> Sent: Friday, July 26, 2002 9:34 AM
> To: Security_asp
> Subject: [security_asp] ADSI
> 
> I've got this piece of code to create a user through ASP
> 
> Dim Computer
> Dim User
> strUser=3DRequest.Form("username")
> strPassword=3DRequest.Form("password")
> Set Computer =3D Getobject("WinNT://mcardenas")
> Set User =3D computer.create("User",strUser)   
> 'User.fullname =3D strFullname   
> User.Description =3D strDesc    
> call User.SetPassword(strPassword)  
> User.setinfo  
> Set User =3D nothing
> Set computer =3D nothing 
> 
> and it works but now I want to create a login screen.
> How can I check if the password match with the password for that user
> Thanks
> 
> ----------------------------------------------------------------------
> 
> Subject: RE: ADSI
> From: "Debreceni, David" <david_debreceni@r...>
> Date: Fri, 26 Jul 2002 11:37:21 -0400
> X-Message-Number: 3
> 
> You can actually just use this bit of code and pass it a username and
> password for authentication purposes.  That should work.  Of note, if
> you
> are using a strictly Active Directory environment, you should use
LDAP,
> not
> WinNT.  LDAP is a little faster.
> Hope that works for ya.
> Getobject("WinNT://mcardenas",strUser,strPass)
> 
>  
>  
> David Debreceni
> Senior VB/ASP Developer
> david_debreceni@r... <mailto:david_debreceni@r...> 
>  xxx-xxx-xxxx  x1086
> 
> 
> -----Original Message-----
> From: marc cardenas [mailto:marclena@h...]
> Sent: Friday, July 26, 2002 12:34 PM
> To: Security_asp
> Subject: [security_asp] ADSI
> 
> 
> I've got this piece of code to create a user through ASP
> 
> Dim Computer
> Dim User
> strUser=Request.Form("username")
> strPassword=Request.Form("password")
> Set Computer = Getobject("WinNT://mcardenas")
> Set User = computer.create("User",strUser)    
> 'User.fullname = strFullname    
> User.Description = strDesc     
> call User.SetPassword(strPassword)   
> User.setinfo   
> Set User = nothing
> Set computer = nothing  
> 
> and it works but now I want to create a login screen.
> How can I check if the password match with the password for that user
> Thanks
> 
> 
> 
> 
> ---
> 
> END OF DIGEST
> 



%%email.unsub%%