Re: Kerberos / NTLM question

From: Tony Malandain (tony.malandain_at_REMOVETHISba-insight.net)
Date: 03/24/04

Next message: John Saunders: "Re: Framework Versions vs. Remoted Framework Exceptions"
Previous message: Sebastien Lambla: "Re: Using a ServicedComponent as a remote component"
In reply to: Sam Cromer: "Kerberos / NTLM question"
Next in thread: Michael Hinkel: "Re: Kerberos / NTLM question"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 24 Mar 2004 16:39:24 -0500

The real question is: do you need to flow the user credentials to you
app server in the domain.
If so, then using basic authentication is the easiest way to go as the
initial hop will be initiated from the web server rather than from the
client.
If you can't switch to Basic Authentication, then you won't be able to
flow the user credentials (at least not unless you implement your own
sink - which is not recommended) and you'll need to have a trusted
connection between your web server and your app server.
In other words, your web server will be doing the
authentication/authorization and accessing your app server using a "well
known" account.
You can then host your .Net Remote object in asp.net (using basic
authentication) on your app server and access it from your web server
using this account.
Take a look at the credentialCache class to handle the connection
against your app server.
Now your problem becomes to securely store the credentials of your
"well-known" account on the web server. Take a look in the MSDN, there
are several solutions for that.

/Tony.
Sam Cromer wrote:

> I have an architecture that is a stand alone web server (not in a domain )
> that uses a remote component on an app server inside a domain. I have read
> all the MSDN articles and have a question. They all speak of using SSPI with
> Kerberos or NTLM, but in my situation neither can be used. Any help would be
> greatly appreciated.
>
> Sam
>
>

Next message: John Saunders: "Re: Framework Versions vs. Remoted Framework Exceptions"
Previous message: Sebastien Lambla: "Re: Using a ServicedComponent as a remote component"
In reply to: Sam Cromer: "Kerberos / NTLM question"
Next in thread: Michael Hinkel: "Re: Kerberos / NTLM question"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

RE: Cannot open log for source {0}. You may not have write access.
... I have another problem on my web server regarding event logs. ... application also writes to the custom event log on the web server. ... troubleshooting the error that occurred on the app server, ... Now even if I re-grant read/write access to same the registry key the ...
(microsoft.public.dotnet.framework.aspnet.security)
How Do I accomplish This
... I want to host my remoting component in an APP Server ... behind an IIS Web Server. ... What does my Web Config file look like on the Web Server to pass the Remote ... Currently I have the .NET Remotable object on the Web server, ...
(microsoft.public.dotnet.framework.remoting)
Re: Remote Auth question
... "Sam Cromer" wrote in message ... > What is the best way to accomplish this? ... > on an app server. ... > web server to the app server. ...
(microsoft.public.dotnet.framework.remoting)
Remote Auth question
... What is the best way to accomplish this? ... I have a web server (stand alone NOT on a domain) which uses a component ... on an app server. ...
(microsoft.public.dotnet.framework.remoting)