Synchronising info between SQLServer and Active Directory

  • Hi,

    I am developing an extranet application, with WindowsForms authentication based on Users table in SQLServer. The administration of the extranet users is very sophisticated (One of the Portals based on I Buy Spy template) and is done via the admin web interface. It includes not only logging in but also assigning roles, which administer authorisation (which resources will be available to which users). Since most of the users are also included in the Active Directory, I thought of finding a way to synchronise automatically between the Active Directory (user and password only, without roles) and the Users table in SQLServer. This means that whenever a user password is changed in the active directory it will be updated in the SQLServer as well. If this is too complicated to achieve, I would like to at least be able to automatically copy all users and passwords from the AD into the Users Table and make the rest of the updates manually.

    Would appreciate help, since I haven't found a way to do it.

  • I had to do something similar recently, but using the NT SAM rather than AD. The solution involved a wee bit of script and a dll using ADSI and ADO.

    Are you allowing users to change their own password? What I found with SAM is that only an admin account can change passwords in the SAM, therefore had to use a dll running as admin which had a method to update the SAM and if successful called another one to update SQL (in that order).

    Some may be of the opinion that the more secure option would be for the individual user to make a "password change request". I have had to do this on a project too: When a user makes a request, the administrator is notified via email and the request and user details were then added to a table only accessible by an admin account. Admin logs in, reviews the request and approves/rejects bla bla bla

    If you are using .Net, things should probably be a lot easier: develop a class to do the ADSI/ADO stuff, and a user control to embed in the webform. The user control then instantiates the ADSI/ADO class using a click event...

  • Thanks a lot for your reply. I have given up on the idea due to additional issues. I will be moving to use the DNN application which already has a module for that.

     
