RE: Can I serialize cached credentials for later authentication on server?

---

• From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
• Date: Fri, 20 Oct 2006 06:45:27 GMT

---

Hi Bill,

Based on my understanding, your client application is communicating with a
Web Service on another machine. When the network is unavailable for client
machine, your client application will send all the request to a Windows
Service application on the same client machine so that this Windows Service
application can cache the requests and resend these requests to Web
Services for authentication after network is ok. If I have misunderstood
you, please feel free to tell me, thanks.

Normally, in this scenario, the recommended solution is letting the Windows
Service impersonating the client application account. With impersonating
the client application in the Windows Service thread, this impersonating
thread can send the request to the Web Service on behalf of the client
application with the same security context. So the integrated Windows
authentication on IIS will help to authenticate the Windows Service thread
request correctly. The problem is that while the Windows Service thread is
serving request from client application the network is still unavailable,
although this thread can impersonate as the client account, it still can
not communicate with the remote Web Service. To resolve this issue, my
thought is storing the client request security token in the Windows Service
application for caching. After the network is available, the Windows
Service application will detect this and retrieve the previous stored token
and call SetThreadToken to impersonate as the client application. Now, the
Windows Service thread is acting as the client application account, it can
communicate with the Web Service of remote machine and let IIS authenticate
the impersonated account.

Does this logic meet your need?

The problem of this approach is that the user that is using the client
machine may just log off from the client machine before the network is
available, so the entire logon session may be destroyed. Since the token is
a structure pointed to the logon session, I suspect if the cached token in
the Windows Service is valid anymore. I will try to consult internally to
make this problem clear. I will get back to you ASAP. Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Follow-Ups:
  • RE: Can I serialize cached credentials for later authentication on
    • From: Eric Perlin [MSFT]
  • Re: Can I serialize cached credentials for later authentication on server?
    • From: Bill Davidson

• References:
  • Can I serialize cached credentials for later authentication on server?
    • From: Bill Davidson

• Prev by Date: Re: Detecting user logon logoff
• Next by Date: Re: API for joining a computer to domain
• Previous by thread: Can I serialize cached credentials for later authentication on server?
• Next by thread: Re: Can I serialize cached credentials for later authentication on server?
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Hosting a Web Service in a Windows Service ... I've got a windows service application and a winforms (client) ... What I need to do is to host a web service in the windows ... BizTalk Utilities - Frustration free BizTalk Adapters ... (microsoft.public.dotnet.framework.webservices) RE: Can I serialize cached credentials for later authentication on ... The logon session only disappears when all tokens referencing it are closed, ... Note that the original request made no assumption with regards to the moment ... When the network is unavailable for client ... Service application on the same client machine so that this Windows Service ... (microsoft.public.platformsdk.security) Re: I am at a lost.... WCF ... I can consume the WCF service that hosted in a remote Windows Service. ... Make sure we have changed the client configuration to align the server address. ... My first guess would be that there is a firewall in the way ... I did follow your conversation with the original poster and today I ... (microsoft.public.dotnet.framework.webservices) Re: Help With Windows Services ... turning your server app into a web service? ... Several of the clients are run on network computers. ... So the client, the server app, and the DLL's are ... (microsoft.public.dotnet.languages.vb) Re: Looking For Code Sample and Request Feedback ... I would prefer to use a Windows Service but a web service will do to. ... What is very easy to do on a Server 2003 and with VBNet? ... > I am looking for a code sample that communicates from a client to a remote> Windows Service on another computer over the internet, that is the Windows> Service performing instructions the client sends. ... the client does the office automation and the actual> communication of the commands to this server. ... (microsoft.public.dotnet.languages.vb)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)