Security

[Reza]

Hi

I have two forests with one way trust between them. My web application is
in the trusting forest. A user from trusted forest connects to this
application. He can't touch the resources in his forest! . What's the
problem? I can do it through a desktop application not through web
application in Integrated Windows security mode but it works fine in Basic
Authentication mode. Is it a Kerberose problem? I know that Kerberose is not
working cross forest but I had the same problem in a single forest. Anybody
can help me?

Regards.
Reza.

 

[WJ]

Hi

I have two forests with one way trust between them. My web application is
in the trusting forest. A user from trusted forest connects to this
application. He can't touch the resources in his forest! . What's the
problem?

That is because the web app resides in the trusting forest. It has no
knowledge of the trusted forest. All it does is to authenticate the users
from the trusted forest to access the web site in the one which trusts.

John

 

[Reza]

Thank you John:

The problem is when I impersonate as the connectiing user and try to create
a global group in his forest an error happens. I can do that when security
mode is Basic Authentication in IIS but not when it is Integrated Windows. Is
is because of Kerberos? The result and error is the same when all domains
reside in a single forest with transitive two way trust between them.

Thanks
Reza