Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

security_asp thread: Re: security_asp digest: July 29, 2002

Message #1 by "Bill Sisemore" <bill@s...> on Tue, 30 Jul 2002 03:39:44 -0400
The truth be known, I started to think about what I said and had hoped no 
one was reading.  I agree.  Please, hold the laughter until I leave the 
room.

-----Original Message-----
From: "Security_asp digest" <security_asp@p...>
To: "security_asp digest recipients" <security_asp@p...>
Date: Tue, 30 Jul 2002 00:06:40 +0100
Subject: security_asp digest: July 29, 2002

> -----------------------------------------------
> When replying to the digest, please quote only
> relevant material, and edit the subject line to
> reflect the message you are replying to.
> -----------------------------------------------
> 
> The URL for this list is:
> http://p2p.wrox.com/list.asp?list=security_asp
> SECURITY_ASP Digest for Monday, July 29, 2002.
> 
> 1. Re: security_asp digest: July 26, 2002
> 
> ----------------------------------------------------------------------
> 
> Subject: Re: security_asp digest: July 26, 2002
> From: "Andreas Pettersson" <andreas@q...>
> Date: Mon, 29 Jul 2002 07:55:25 +0200
> X-Message-Number: 1
> 
> Well, if you want Kerberos to work and use the AD to validate access
> rights you would be better off using LDAP. The proxy/firewall
> configuration is just something you have to work with, it's not that
> hard to set up.
> 
> Though I do not understand why you suggest using session variables,
> those are a big NO-NO if you want to build a scaleable application. I
> haven't used session variables for over three years and I'm not sure
> that I'll start using them again even with the new threading model and
> session server in ASP.Net.
> 
> Cookies do their best in a lot of situations but they're pretty limited
> when it comes to a secure application, ACL's, Kerberos tickets and
> certificates are the way to go in my humble opinion.
> 
> /andreas.q3p
> 
> -----Original Message-----
> From: Bill Sisemore [mailto:bill@s...] 
> Sent: den 27 juli 2002 17:08
> To: Security_asp
> Subject: [security_asp] Re: security_asp digest: July 26, 2002
> 
> What I don't get is why would you use NT or LDAP Authentication when
> the
> 
> Session object and cookies work so well.  Add the fact the unheard of 
> inconvenience of not being able to access protected webs (behind a 
> firewall) because of NT's inability to pass native authentication 
> through a proxy and you have a lot of problems.  Just use a session 
> object and a cookie here and there.
> 
> Bill
> 
> -----Original Message-----
> From: "Security_asp digest" <security_asp@p...>
> To: "security_asp digest recipients" <security_asp@p...>
> Date: Sat, 27 Jul 2002 00:04:54 +0100
> Subject: security_asp digest: July 26, 2002
> 
> > -----------------------------------------------
> > When replying to the digest, please quote only
> > relevant material, and edit the subject line to
> > reflect the message you are replying to.
> > -----------------------------------------------
> > 
> > The URL for this list is:
> > http://p2p.wrox.com/list.asp?list=security_asp
> > SECURITY_ASP Digest for Friday, July 26, 2002.
> > 
> > 1. ADSI
> > 2. RE: ADSI
> > 3. RE: ADSI
> > 
> >
> ----------------------------------------------------------------------
> > 
> > Subject: ADSI
> > From: "marc cardenas" <marclena@h...>
> > Date: Fri, 26 Jul 2002 16:33:37
> > X-Message-Number: 1
> > 
> > I've got this piece of code to create a user through ASP
> > 
> > Dim Computer
> > Dim User
> > strUser=Request.Form("username")
> > strPassword=Request.Form("password")
> > Set Computer = Getobject("WinNT://mcardenas")
> > Set User = computer.create("User",strUser)    
> > 'User.fullname = strFullname    
> > User.Description = strDesc     
> > call User.SetPassword(strPassword)   
> > User.setinfo   
> > Set User = nothing
> > Set computer = nothing  
> > 
> > and it works but now I want to create a login screen.
> > How can I check if the password match with the password for that user
> > Thanks
> >
> ----------------------------------------------------------------------
> > 
> > Subject: RE: ADSI
> > From: "Michael Morisoli" <Michael@M...>
> > Date: Fri, 26 Jul 2002 08:35:59 -0700
> > X-Message-Number: 2
> > 
> > Marc, I went thru this exact same thing a few months back and
> actually
> > had to call MS tech support.
> > 
> > The guy there sent me some code that I used to create a simple COM
> > object in VB6 to handle form validation.  The nice thing about this
> > code
> > is that it can validate against Active Directory, Windows NT v4.0
> PDC's
> > or even older Windows NT v3.5x PDC's.
> > 
> > It uses ADSI when talking to Active Directory and has to resort to
> some
> > low level Windows API calls for NT.
> > 
> > If you like, I would be happy to send you a zip file of my code.  It
> is
> > all in VB6, do you have that?
> > 
> > Contact me directly if you would like the code.  Michael@M...
> > 
> > Mike
> > 
> > -----Original Message-----
> > From: marc cardenas [mailto:marclena@h...]
> > Sent: Friday, July 26, 2002 9:34 AM
> > To: Security_asp
> > Subject: [security_asp] ADSI
> > 
> > I've got this piece of code to create a user through ASP
> > 
> > Dim Computer
> > Dim User
> > strUser=3DRequest.Form("username")
> > strPassword=3DRequest.Form("password")
> > Set Computer =3D Getobject("WinNT://mcardenas")
> > Set User =3D computer.create("User",strUser)   
> > 'User.fullname =3D strFullname   
> > User.Description =3D strDesc    
> > call User.SetPassword(strPassword)  
> > User.setinfo  
> > Set User =3D nothing
> > Set computer =3D nothing 
> > 
> > and it works but now I want to create a login screen.
> > How can I check if the password match with the password for that user
> > Thanks
> > 
> >
> ----------------------------------------------------------------------
> > 
> > Subject: RE: ADSI
> > From: "Debreceni, David" <david_debreceni@r...>
> > Date: Fri, 26 Jul 2002 11:37:21 -0400
> > X-Message-Number: 3
> > 
> > You can actually just use this bit of code and pass it a username and
> > password for authentication purposes.  That should work.  Of note, if
> > you
> > are using a strictly Active Directory environment, you should use
> LDAP,
> > not
> > WinNT.  LDAP is a little faster.
> > Hope that works for ya.
> > Getobject("WinNT://mcardenas",strUser,strPass)
> > 
> >  
> >  
> > David Debreceni
> > Senior VB/ASP Developer
> > david_debreceni@r... <mailto:david_debreceni@r...> 
> >  xxx-xxx-xxxx  x1086
> > 
> > 
> > -----Original Message-----
> > From: marc cardenas [mailto:marclena@h...]
> > Sent: Friday, July 26, 2002 12:34 PM
> > To: Security_asp
> > Subject: [security_asp] ADSI
> > 
> > 
> > I've got this piece of code to create a user through ASP
> > 
> > Dim Computer
> > Dim User
> > strUser=Request.Form("username")
> > strPassword=Request.Form("password")
> > Set Computer = Getobject("WinNT://mcardenas")
> > Set User = computer.create("User",strUser)    
> > 'User.fullname = strFullname    
> > User.Description = strDesc     
> > call User.SetPassword(strPassword)   
> > User.setinfo   
> > Set User = nothing
> > Set computer = nothing  
> > 
> > and it works but now I want to create a login screen.
> > How can I check if the password match with the password for that user
> > Thanks
> > 
> > 
> > 
> > 
> > ---
> > 
> > END OF DIGEST
> > 
> 
> 
> 
> %%email.unsub%%
> 
> 
> 
> 
> ---
> 
> END OF DIGEST
>

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy