Directory Services

Running DSML Services for Windows on an Intranet

In a corporate environment that uses a Windows operating system, you can usually log on to the corporate network one time and then access system resources, including Web pages, without giving your credentials again. DSML Services for Windows also requires you to log on only one time, because it uses the Windows authentication process to verify user access.

DSML Services Scenario

In an intranet scenario, the IIS server that hosts DSML Services for Windows will usually have its security settings configured for integrated Windows authentication.

DSML clients are not required to pass credentials if the user logs on to the Active Directory forest where DSML Services for Windows resides.

The following code examples show how clients access DSML Services for Windows across an intranet using the Visual Basic and C# programming languages.

Visual Basic Example

set xmlhttp = CreateObject("Msxml2.XMLHTTP")
xmlhttp.open "POST", "https://fabrikam.com/dsml/adssoap.dsmlx", false, userName, password

C# Example

Uri site = new Uri("https://fabrikam.com/dsml/adssoap.dsmlx");
WebRequest wReq = WebRequest.Create(site);

wReq.Credentials = CredentialCache.DefaultCredentials;

Restrictions

If NTLM is chosen during the authentication negotiation, IIS and Active Directory must each be installed on the same computer. Kerberos delegation must be enabled if the client, IIS, and Active Directory are all installed on different computers.

If using separate computers for Active Directory and IIS is a requirement, but Kerberos delegation is not an option, you can configure DSML Services for Windows with basic authentication. This configuration will give DSML Services for Windows access to Active Directory, but you will not get the benefits of integrated authentication.