
Ok, I have looked around and could not find a solution to this problem. I have an ASP.NET web application that is using Windows Authentication.

I have public web services that I use for an iPad App I have developed. For security reasons all of my Web Services require a header with login information.

Right now, I have a separate database that I authenticate users from. It's a built in authentication for when my application is installed using Forms Authentication.

What I would like to do is when the user on the iPad logs into the system, it passes the Login and Password to the Web Service in the header... which it does now.

But, how can I Authenticate that User and Password against the Active Directory to make sure the user has access?

Thanks, Cory

Bitco Software

1 Answer


But, how can I Authenticate that User and Password against the Active Directory to make sure the user has access?

That's straightforward in C#: Validate a username and password against Active Directory?

More AD tasks in C# (including authentication)

Right now, I have a separate database that I authenticate users from. It's a built in authentication for when my application is installed using Forms Authentication.

Based on this statement, it sounds like you have a database of credentials which duplicates credentials in AD? If that's the case, not sure that's a good idea.

And/or it also sounds like credentials which match those in AD are being passed around (possibly in plain text?). This might be a business requirement, but I would recommend that all communication is done over SSL and that the AD accounts belong to a domain set up specifically for this purpose that is not trusted (or only partially trusted) by the rest of the network.

Tim M.
  • No, it's not a duplicate... in a sense. My application has a user database that supplies security within the system. So, not everyone who is authenticated on a domain has access to the system. AD could have 100 users where my app only allows access to 20 of those. So, I do keep a database of users with access. But, instead of using the built in password for my users in my database, I would like to be able to authenticate that user from AD instead of the one in the database. – Bitco Software May 12 '12 at 17:29
  • I will take a look at the link you provided and see if that will work with what I am doing. – Bitco Software May 12 '12 at 17:29
  • Makes sense. There is certainly nothing wrong with keeping *additional* information about an AD user in your own database. – Tim M. May 12 '12 at 17:30
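
An added example, not code from either poster: one way to combine the two checks discussed in this thread, the application's own list of permitted users and a password check against Active Directory via `PrincipalContext.ValidateCredentials`. The domain name, the `AdLogin` class, the in-memory user list and the fake validator in `Main` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class AdLogin
{
    // Assumption: placeholder domain name, replace with your own.
    const string Domain = "corp.example.com";
    // Constructed stand-in for the application's own table of permitted users.
    static readonly HashSet<string> AllowedUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "alice", "bob" };

    // Reduce "DOMAIN\user" or "user@domain" to the bare account name.
    static string Normalize(string login)
    {
        if (string.IsNullOrWhiteSpace(login)) return null;
        login = login.Trim();
        int slash = login.IndexOf('\\');
        if (slash >= 0) login = login.Substring(slash + 1);
        int at = login.IndexOf('@');
        if (at >= 0) login = login.Substring(0, at);
        return login.Length == 0 ? null : login;
    }

    // validate performs the password check; pass ValidateAgainstAd in production.
    public static bool IsAuthorized(string login, string password,
                                    Func<string, string, bool> validate)
    {
        string user = Normalize(login);
        // An LDAP simple bind with an empty password is an unauthenticated bind
        // and can succeed, so reject empty passwords before asking the directory.
        if (user == null || string.IsNullOrEmpty(password)) return false;
        // Check the app's list first: no bind attempt for accounts the app does not serve.
        if (!AllowedUsers.Contains(user)) return false;
        try { return validate(user, password); }
        catch (Exception) { return false; } // directory unreachable: fail closed
    }

    public static bool ValidateAgainstAd(string user, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
            return ctx.ValidateCredentials(user, password,
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
    }

    public static void Main()
    {
        // Constructed fake validator so the demo runs without a domain controller.
        Func<string, string, bool> fake = (u, p) => u == "alice" && p == "s3cret";
        Console.WriteLine(IsAuthorized("CORP\\alice", "s3cret", fake)); // on the list, password accepted
        Console.WriteLine(IsAuthorized("carol", "s3cret", fake));       // not on the app's list
    }
}
```

The same `false` is returned whichever check fails, so a caller cannot tell from the response whether an account exists in AD or in the application's list.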