Re: Multi-Domain Authentication for Windows Services

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 06/07/05


Date: Tue, 07 Jun 2005 11:19:01 -0700

Hello Jerry,

Additionally:

This is still a security risk - the service would then be *extremely* powerful.
If this is a requirement, better make sure you really have robust code and
rock-solid authorization/authentication.

But you would not have to do any password management.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I've written a Windows Service in .NET that performs Administrative
> tasks on remote systems. The service runs under credentials that have
> domain admin rights on the DEV domain.
>
> A client (who does not have trusts established between domains) has
> requested that I install my service in their environment with one
> catch: it should perform its tasks across systems in 20 domains from
> the same central server.
>
> Aside from re-writing the code to allow 20 different services to run
> side-by-side on my server, does anyone have tips on how I could
> accomplish this multi-domain approach without compromising security?
> I realize that it would probably be relatively straightforward to
> launch new threads under various credentials -- but that would require
> that I actually store 20 different usernames & passwords somewhere. I
> could encrypt the credentials with DPAPI or AES, but I would prefer to
> leave credential management to Windows, if at all possible.
>


