Re: Authentication, Singal Sign On and AD

What protocol to you plan to use to talk to the server in this scenario?
These types of things tend to be fairly easy with Windows security and that
is supported by most of the protocols you are likely to want to use (web
services, etc.).

This should be fairly straightforward to do.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Koutilya" <Koutilya@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8C3D1439-0B19-420C-B868-F333C0F78D77@xxxxxxxxxxxxxxxx
Hi all,

I am new to Windows Authentication altough I have been reading about
windows
authentication for a few days now. Here is my problem.....I have windows
client applications that users would login to. All client instances will
be
running on windows machines and will be connected to a server where I have
DB
and other server side components running. My Authentication requirements
are
as follows:

A. On most of the client machines I would like to use single sign on to
login to my application. In other words the client application shall pass
the
user credential to my server and have it authenticated. Therefore there is
no
need for the user to enter his credentials.
B. On some client machines I do not want SSO and would like to prompt the
user for his credentials (user name and password) which shall be sent to
the
server for Authentication.

I am thinking of a solution which is in lines of writing a web service
that
will do the Authentication and Authorization (with AzMan). Client apps
during
login shall invoke a service on this web service and while doing so pass
their credentials (not as part of the service call) to the web service
which
shall do the authentication using AD.

My questions are as follow:
1. Is there a better way of doing this?
2. Requirement A - I am not able to figure out how to pass the logged in
user credentials from a windows application to a server for
authentication.
The server could be running Active Directory and the credentials it
receives
from the clients will have to be authenticated against the AD. Also in
this
scenario if we remove the AD from the server then how would the server do
authentication?
3. Requirement B - I was thinking of doing this by directly querying the
AD.
Is there a way I can meet both my requirements while I make the most of
the
windows authentication infrastructure that is available?

Thanks,
Koutilya


.

Relevant Pages

  • RE: Printing from Win9x clients stops
    ... Open Server Management. ... then right-click the name of the computer running Windows Small Business ... >From the client computer: ... The Select Network Component Type ...
    (microsoft.public.windows.server.sbs)
  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: WCF security advice (and clarification) needed
    ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ...
    (microsoft.public.dotnet.framework.webservices)
  • RE: Printing from Win9x clients stops
    ... The printers with 9x drivers on the server appeared automatically in the ... > then right-click the name of the computer running Windows Small Business ... > From the client computer: ... The Select Network Component Type ...
    (microsoft.public.windows.server.sbs)
  • Re: SSPI Kerberos for delegation
    ... We want the authentication to happen without providing credentials ... But SSPI while authenticating from the client to the server can do mutual ...
    (comp.protocols.kerberos)