I
Israel Prince-Beliveau
I've built a webservice accessing the active directory. I'm in a
situation where the IIS server(containing pages and the webservice) is
different than the domain controller. Security should be assignedper user. A
certain user doesn't have the same permissions on the ADS than someone else,
so he should only be available to modify parts he have permissions on it.
As you can guess, I have permission problems. I found on some forums
that I could use an account of the domain as the master active directory
admin, but if I do so, I will lose the specific rights the user has on the
system. Is there a way I could get the rights that user has so he can't
modify part he has not a permission on it? Because I have problems keeping
the User credentials over to the other server. Last week I wasn't using
webservice and the only way i got to keep credential was using basic
authentication (for testing). Now using my ADS webservice I don't have any
more rights on the system.
Anyone as an ideas on how I could work with this? If I could keep my
original login rights used at the start of the webpage using the windows
authentication, it would be best, but I don't want any security holes
neither.
situation where the IIS server(containing pages and the webservice) is
different than the domain controller. Security should be assignedper user. A
certain user doesn't have the same permissions on the ADS than someone else,
so he should only be available to modify parts he have permissions on it.
As you can guess, I have permission problems. I found on some forums
that I could use an account of the domain as the master active directory
admin, but if I do so, I will lose the specific rights the user has on the
system. Is there a way I could get the rights that user has so he can't
modify part he has not a permission on it? Because I have problems keeping
the User credentials over to the other server. Last week I wasn't using
webservice and the only way i got to keep credential was using basic
authentication (for testing). Now using my ADS webservice I don't have any
more rights on the system.
Anyone as an ideas on how I could work with this? If I could keep my
original login rights used at the start of the webpage using the windows
authentication, it would be best, but I don't want any security holes
neither.