Re: Web Service, Authentication, Security & Domains

The easy way to do this is with Basic authentication and SSL.
Unfortunately, that does send the password across the wire (although it is
encrypted with SSL), so if that absolutely cannot happen, then you can't use
that approach.

The problem with using a Kerberos based approach is that the clients must be
able to contact the KDC to get a Kerberos ticket, and generally, you don't
have the KDC hanging out on the public Internet! If you could do that, you
could use IWA/Negotiate auth in IIS and it would work.

My recommendation is to push for Basic/SSL.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Igor Volkin" <igorvolkin@xxxxxxxxxxxxxxx> wrote in message
news:1154952967.941190.99760@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
kind regards to all.

I'm faced against an implementation problem on which I need some
guidelines and advice.

my client has a Win2k3 domain with ActiveDirectory.

I need to implement two parts of the solution:
a) Web Service that will run on a computer in the client's domain with
access to the AD
b) Windows application that will run on computers which are NOT part of
the client's domain

Windows application will communicate to the Web Service via internet
and perform some tasks that way.

the real problem follows: users that will use Windows application have
AD accounts in the client's domain, but they themselves will use
Windows application on computers OUT of the domain. and my Web Service
must allow Windows application users to authenticate and authorize with
AD, but so that the password (in any form) is NEVER sent across the
wire. data also must be transferred in a secure manner. so I need
something like Kerberos, but that works in my case.

what would be the simplest, yet feasible solution to this problem? does
WSE 3.0 have anything that could help me?

I hope I managed to depict the problem and I apologize for my english
if it's causing any misunderstandings.

tnx in advance



.

Relevant Pages

  • RE: Error accessing Java Web service over SSL with X.509
    ... The primary issue would appear to be understanding how SSL works. ... the certificate that is used is one that is ... Error accessing Java Web service over SSL with X.509 ... >When I tried this procedure on another machine (also running Windows XP ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: ADFS Development Issues
    ... One thing to keep in mind is that if a website is protected by ADFS V1, ... site to be automatically authenticated by our windows application so ... like a web service proxy. ... generated on the server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS Development Issues
    ... site to be automatically authenticated by our windows application so ... based on redirects and possibly uses forms-based authentication to collect ... web service proxies don't handle this type of thing ... the server based on how it needs to work. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Dynamically Change URL of web service
    ... Microsoft MVP - Windows Client ... > client apps will use the exact same web service, ... What this does is put an entry in the config file, ... >>> How can I dynamically change this when the client app loads. ...
    (microsoft.public.dotnet.framework.windowsforms)
  • RE: Web Service Security
    ... You could encrypt or hash your ... As far as web service authentication/authorisation is concerned you would be ... WSE does a pretty good job of abstracting away most of the ... a windows domain account). ...
    (microsoft.public.dotnet.framework.webservices)