Re: Single Sign On - from anywhere

---

• From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 26 Jan 2006 06:35:03 +0000 (UTC)

---

Hi,

what do you mean with access files, db etc - you mean via the browser interface? Are these resource local or remote to the web server

1) IE is the only browser that supports kerberos directly. There are NTLM plugins for Firefox and Mozilla, but AFAIK they don't provide seamless login (without providing credentials)
2) this could be done with NTLM or some other HTTP auth mechanism

some points:

- for delegation to work you need kerberos end to end. Only IE supports Kerberos. IIS6 (in a W2k3 functionality level domain) supports transitioning between non-delegatable protocols like NTLM to Kerberos
- you need SSL - regardless of the authentication technique

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi;

I think this can be done. I want to be able to do the following:
1) User hits my ASP.NET app from a browser running on Windows XP, and
there
is a trust relationship between the domain they are logged in as on
their
workstation and the domain of the server I am running on -> I get
their
credentials with their not having to enter a username/password and I
can then
open files and access a database as them. Using any browser, not just
IE.
2) They or on a workgroup (not domain) or on a system without a trust
relationship, or on a non-Windows O/S, they are then prompted for
their username/password on the domain my server is running on and once
they enter it, I get their credentials, and I never see or touch their
password. And again, I can then open files & access the database as
them.

Can this be done? And if so, any urls to a simple example?

.

---

• Follow-Ups:
  • Re: Single Sign On - from anywhere
    • From: David Thielen

• Prev by Date: RE: Single Sign On - from anywhere
• Next by Date: Re: AccessMembershipProvider
• Previous by thread: RE: Single Sign On - from anywhere
• Next by thread: Re: Single Sign On - from anywhere
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Cached Logon ... "Roland Hall" wrote in message ... :>: supplies their credentials, and the browser sends them to the server. ... (microsoft.public.sqlserver.connect) Re: Cached Logon ... "Roland Hall" wrote in message ... :>: supplies their credentials, and the browser sends them to the server. ... (microsoft.public.sqlserver.server) Re: Cached Logon ... "Roland Hall" wrote in message ... :>: supplies their credentials, and the browser sends them to the server. ... (microsoft.public.win2000.networking) Re: Cached Logon ... "Roland Hall" wrote in message ... :>: supplies their credentials, and the browser sends them to the server. ... (microsoft.public.inetserver.iis) Re: Cached Logon ... "Roland Hall" wrote in message ... :>: supplies their credentials, and the browser sends them to the server. ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-01