Stuck on Authentication to Active Directory from Internet

TinCool

Right. Here's my issue. I am using SQL2000, IIS 7.0, ASP .NET

• I have an IIS Server sitting in a DMZ.
• I have a SQL Server sitting in our intranet.
• I have an Active Directoy server in our intranet (can query it via SQL LDAP Queries, DirectoryServices etc etc).
• IIS Server cannot see the Intranet Active Directory.
• The IIS Server can access the SQL Server.

I need to be able to authenticate a user from a website on the IIS Server passing his/her username/password through a simple login screen (I can encrypt these using a 3rd party dll and SSL Cert so no issues there), so that I can authenticate his/her user credentials by querying/interrogating Active Directy via some method through the SQL Server. The username/password passed through will be their Active Directory/Domain username/password credentials. I don't want to have to store usernames/passwords in a table on the SQL Server as I want the users to use their current password that they use to log on to their Domain on the intranet.

Any suggestions/ideas ?

Cheers,
TC

stevenmu

If you can't allow access from the IIS box to the AD, you won't be able to directly authenticate against AD. What you can possibly do (I think) is try to use ASP.Net delegation progmatically to open your connection to SQL. If the connection succeeds count the user as authenticated, if not it's an invalid user/pass. This assumes your SQL box can see the AD and it means that everyone who uses the site will need rights to access the SQL box. Even at that I'm not sure if it'll work without the IIS box being able to see the AD.