Re: NTLM API Authentication

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Christoph Schittko [MVP] (INVALIDEMAIL_at_austin.rr.com)
Date: 01/26/05 

Date: Tue, 25 Jan 2005 21:05:45 -0600

MSH,

One thing up front: You should NOT send unencrypted passwords via a web
service. SOAP uses XML format, which is text. Therefore everybody on the

big, bad internet can potentially get to your username and password.

Now, what exactly are you trying to do? IIS and ASP.NET or WSE (Web
Services Enhancements) both can so some of this functionality for you.
You could enable IIS authentication and mandate user authentication to
your web service via the authentication element in your web service's
web.config file. Or you could set up WSE to get the callers identity
from a UsernameToken or a Kerberos token. Both solutions require that
your web service client are able to communicate usernames and passwords
as the service requires.

Is there any reason why you are looking to do this by hand?

HTH,
Christoph Schittko
MVP XML
http://weblogs.asp.net/cschittko

> -----Original Message-----
> From: Maninder [mailto:Maninder@discussions.microsoft.com]
> Posted At: Tuesday, January 25, 2005 6:41 PM
> Posted To: microsoft.public.dotnet.framework.aspnet.webservices
> Conversation: NTLM API Authentication
> Subject: NTLM API Authentication
>
> Hi,
> I'm totally novice when it comes to authentication protocols.
> Here is what is needed to be done: Create a web service which calls
the
> NTLM
> API for authenticating the user. I guess the parametres needed to be
> passed
> to this web service are:(a)username (b) password and maybe (c) domain
> name.
> It should return "True" or "False".
>
> How simple or hard is it to accomplish it? What are the major steps to
be
> performed? What needs to be done on the 2003 Server to make all this
> happen?
>
> Any help would be much appreciated.
> --
> MSH

Relevant Pages

  • Re: Need to upgrade password security
    ... system in place using mod_auth_mysql and Basic authentication. ... should be able to set their own passwords and change them. ... I've never written any PHP or Javascript, but I'm experienced with CGI. ... relying on basic HTTP authentication ...
    (comp.infosystems.www.servers.unix)
  • Re: Windows Authentication (asp.net 1.1 C#)
    ... it is up to you how you store your passwords - FormsAuth is just a mechanism ... Usually you store the passwords in a database using salted hashes - have a look at PasswordDeriveBytes class ... Authentication or Form Authentication. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • SSH Close to working, but need help!
    ... connecting to host with "public authentication failed for user xxx" ... Protocol 2,1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (comp.security.ssh)
  • problem on sshd setup: public key support
    ... Now I have some problem to setup public key authentication: ... Server refused our key ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS ...
    (comp.os.linux.misc)
  • Re: Sparc Solaris NIS client Linux NIS server
    ... >> I'll check over the nsswitch.conf and verify that its right. ... >> insecurities with NIS. ... If "shadow" passwords are enabled properly, ... once I get the authentication working I will ...
    (comp.os.linux.setup)