0

I have a website which using active directory authorization on a windows server

in order to use active directory, the os must join to active directory domain

now, since some security issue, the admin of server don't want to join to domain persistently

are there any ways to join to domain programmatically, when the website need to authorize a user, then connect to domain, after authorization, disconnect from domain?

CL So
  • 3,647
  • 10
  • 51
  • 95

1 Answers1

1

If you really want to join to the domain programmatically, you can look at this SO post.

Another option is to provide username and password when binding to Active Directory but that means you need to find a way to store the username and password securely. You can store them securely using DPAPI

Community
  • 1
  • 1
Harvey Kwok
  • 11,713
  • 6
  • 37
  • 59
  • The website is written by php, and using adLDAP for authentication, if it is possible, I would like to use php rather than c#. Can I use php to do that? – CL So Jul 04 '12 at 20:53
  • Sorry, I am not an expert on PHP. I just found 2 SO posts that allows you calling [WMI from PHP](http://stackoverflow.com/questions/3848707/query-wmi-remotely-with-php) and calling [Win32 API from PHP](http://stackoverflow.com/questions/1411657/how-do-i-make-win32-api-calls-from-php). So, I think the answer is yes. – Harvey Kwok Jul 04 '12 at 23:24
  • OK, thank you, could you tell me more about the "provide username and password when binding to Active Directory"? do you mean something like "username:password@ad_server_ip"?? – CL So Jul 06 '12 at 04:05
  • The idea is the same but I don't expect you can just type in "username:password@ad_server_ip". It really depends on the library that you use. Normally, when you bind to a LDAP server, you can choose to provide username password. – Harvey Kwok Jul 06 '12 at 04:11