Single-sign-on .NET GUI to J2EE server
From: chris bono via .NET 247 (anonymous_at_dotnet247.com)
Date: 03/07/05
Date: Mon, 07 Mar 2005 11:38:37 -0800
We have a .NET GUI that is talking to a backend J2EE server using a proprietary bridging solution (not web services). All of the GUI users log on to their machines, which in turn authenticates them against ActiveDirectory. So by the time the user pulls up the GUI s/he has already been authed against ActiveDirectory. So far, so good. The problem now arises as the J2EE server is protected against ActiveDirectory as well. So any access to the J2EE server requires user/pass to go against ActiveDirectory for auth/auth. We need to be able to extract the user/pass from the GUI and pass it down to the J2EE server for auth. Yes I know -- "we can't gain access to the password because of..."
So is there a token or anything else that an ActiveDirectory "logon" provides me that I could pass to the J2EE server to say "hey, it's me and I am already logged on"? I know that System.WindowsIdentity.Token is the pointer to the currently logged on identity that can be used to pass into native functions etc. but I don't think that is going to help me at all. What I would like to be able to do is from the GUI code -
1) talk to the AD api and say "give me the current logon session id"
2) pass the user and the result from 1) over to J2EE
3) on the J2EE side (I control the logon and access against AD here) take the items passed from 2) and verify against the AD api that it is valid
Thanks and sorry for the long-drawn post. :)
--------------------------------
From: chris bono
-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)