Directory Services

Running DSML Services for Windows on the Internet

In an Internet scenario, clients will usually connect to DSML Services for Windows from a Web application across the Internet. It is recommended that communication between the client and DSML Services for Windows be made across a secure, encrypted channel to prevent sensitive data from being exposed.

DSML Services Scenario

In an Internet scenario, the IIS server that hosts DSML Services for Windows will usually have the security settings for the DSML virtual directory set to basic authentication. The IIS server has a valid SSL certificate installed, and the clients pass a user name and password via the SSL connection.

The following code examples show how clients access DSML Services for Windows across the Internet using the Visual Basic and C# programming languages.

Visual Basic Example

set xmlhttp = CreateObject("Msxml2.XMLHTTP")
xmlhttp.open "POST", "https://fabrikam.com/dsml/adssoap.dsmlx", false, userName, password

C# Example

Uri site = new Uri("https://fabrikam.com/dsml/adssoap.dsmlx"); 
WebRequest wReq = WebRequest.Create(site);

// Set "Basic" Auth and create Username and password.
NetworkCredential myCred = new NetworkCredential(userName,password);
CredentialCache myCache = new CredentialCache();
myCache.Add(site, "Basic", myCred);

wReq.Credentials = myCache;

This scenario assumes that both IIS and Active Directory are running a data center. The communication between IIS, DSML Services for Windows, and Active Directory can be encrypted using SSL. To set a secure connection, install an appropriate certificate in Active Directory and set DSML Services for Windows to communicate at port 636 in the dsmlv2.config configuration file.

Sample configuration file:

<extensionConfiguration>
   <virtualDirectory url="/dsml/adssoap.dsmlx`">
		<server>fabrikam.com</server>
		<port>636</port>
		<connectTimeout>30</connectTimeout>
		<operationTimeout>30</operationTimeout>
		<maxConnections>10</maxConnections>
   </virtualDirectory>
</extensionConfiguration>

Note  In this configuration, DSML Services for Windows and the Active Directory domain controller can be installed on separate computers.

Users running as anonymous

In some Internet scenarios, the data received by a client computer is public and no data is required to be encrypted. The services are free to users, but users cannot modify the data. A white page/yellow page lookup is an example of this type of scenario.

DSML Services Scenario

To configure DSML Services for Windows in this scenario

  1. Create a new user in Active Directory.
  2. Give this user read-only permissions for Active Directory objects. For sensitive data, you might also want to remove the Read permissions at the object and/or attribute levels.
  3. Set the IIS security settings to anonymous access. Set the new user as the Account used for anonymous Access.

Clients are not required to specify or user name or password to access this service.