Re: help on caller credentials !! :-(



I'm not certain that will solve all of your issues, but I'm pretty sure that
is a necessary step. In order to get Kerberos-based authentication, you'll
likely need to do more than that, but I'm not sure. I'm also not sure if
you need Kerberos or if NTLM will suffice.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"calderara" <calderara@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8DA93168-6DA7-40E1-A6E7-1C1AF2AD223A@xxxxxxxxxxxxxxxx
By setting the Network Service instead of local, I will defintly be able
to
reveive BOB under my Identity object ? hmmmm
Looks so simple, I will give a try..

thnaks
serge

"Joe Kaplan" wrote:

You shouldn't run as local service. You should run as Network Service
instead, as that will allow the service to access the network and
participate in domain-based authentication.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"calderara" <calderara@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:551CC5DF-DF28-403E-A30C-A55CD8A2C520@xxxxxxxxxxxxxxxx
Dear all,

I start to loose my hairs. Hoep someone could help me to recover..:-)
I have build a remote object hosted in a Windows Service runing as
LocalService.
I have then a claient application which calling that remote object and
based
on the caller credential I shouzld authorise hit or not to access to
back
end
database.

The situation is as follow :
My client is running as BOB. BOB is calling the remote object for data
storage. What I try to do is retriveing the caller credential from my
remote
object in order to athauticated for further process. The problem is
that
when
I check the wndows identity on my server side, it return the context on
which
my service is running and not my caller's context.

MY server config file is as follow :

<channels>
<!--<channel ref="tcp" port="8090"
useDefaultCredentials="False">-->
<channel ref="tcp" port="8090" secure="True"
impersonationLevel="Impersonate" protectionLevel="EncryptAndSign">
<serverProviders>
<formatter ref="binary" typeFilterLevel="Full"/>
</serverProviders>
</channel>
</channels>

Note that I am using .NEt 2.0

Thnaks again for your help ( I am fighting for a full week now on this
grrr
:-()
regards
serge





.



Relevant Pages

  • Re: Integrated Windows Authentication Timeout?
    ... For the second search, if the user account has an SPN of HTTP/webserver, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication since ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... You should then be able to see the SPNs that are on that account. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Security blues
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... running it, this is because of Windows security, not Code Access ... Doesn't sound like it should need admin rights. ...
    (microsoft.public.dotnet.security)
  • Re: How do I convert sid retrieved from the AD to SDDL string form
    ... LDAP doesn't support joins. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... objectSid property to a SecurityIdentifier class. ...
    (microsoft.public.dotnet.security)