Re: Kerberos authentication NOT in AD



If you want to do forms auth and use plaintext credentials (instead of
trying to make this work with integrated Windows auth), then this should be
something that is pretty doable.

The trick is to find a piece of code running somewhere that can take a
username and password and authenticate it against your Kerb realm. Then,
you just need an appropriate wrapper around that which can be used to call
it remotely from your ASP.NET app.

The web service approach makes a lot of sense for your remoting wrapper, but
there are other ways to do that. If you can get some Windows code that can
do the authentication for you, I would think you could do this as an
in-process call directly from ASP.NET in the forms authentication event
handler. This would require having appropriate port 88 access to the kerb
realm from the web server, obviously.

How are you able to authenticate programmatically now?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Gary" <Gary@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9B8F838D-62D5-4B4F-A3D0-357183419ACE@xxxxxxxxxxxxxxxx
I'm looking for the second one. This is a UNIX realm, and I just can't find
anything. I did find IISPassword
<http://www.troxo.com/products/iispassword/>, but that only does basic
authentication, and I also took a look at MADAM
<http://msdn2.microsoft.com/en-us/library/aa479391.aspx>, but that doesn't
seem to work either. What would be nice to do would be to use forms
authentication to pass the user credentials to a web service that could
authenticate against the Kerberos realm, but all the SOAP examples out there
are really confusing.

Thanks!

"Joe Kaplan" wrote:

I don't have a lot of experience with doing this, but I'm curious if you
want this integration to work at the Windows level such that you can log in
to Windows with an external Kerb realm (possible) and thus get that support
from IIS, or if you want to find a Kerberos stack for .NET that you can
integrate at the app level?

I imagine that either approach could work, but you'd be skinning the cat two
totally different ways.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Gary" <Gary@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:03F78D62-DB86-43EE-BB25-E392A6826C73@xxxxxxxxxxxxxxxx
I'm trying to authenticate against a non-Active Directory Kerberos realm for
an ASP.NET application. I've seen so much stuff out there it's not even
funny -- is there a halfway easy solution?

Thanks.




