Re: WSE 2 and impersonation

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Michael Riggio (michael.spam.riggio_at_spam.unisys.spam.com)
Date: 08/26/04 

Date: Thu, 26 Aug 2004 15:19:55 -0400

We don't plan on working with kerberos. Also, it seems that WSE expects you
to pass the actual username and password to their API... there's no way to
retrieve that information from the principal, as far as I know. It would be
great if the WSE API allowed you to pass the principal you want to use and
have it extract the information it needs in order to impersonate.

Any other thoughts?

"HongMei Ge" <hongmeig@online.microsoft.com> wrote in message
news:eNsZ1t5iEHA.2436@TK2MSFTNGP09.phx.gbl...
> Can you get a WindowsIdentity out of the principal and invoke
"Impersonate"?
>
> If so, you can try to use kerberos token. Make sure your server side
checks
> the kerberos token's identity is really the COM caller.
> However, it depends on what impersonation permission you can get on your
WSE
> 2 client machine to be able achieve that.
>
> Let me know if this works.
>
> hongmei
>
> "Michael Riggio" <michael.spam.riggio@spam.unisys.spam.com> wrote in
message
> news:u3jOhKuiEHA.4020@TK2MSFTNGP10.phx.gbl...
> > I have a WSE 2 server and an older .Net application that I extended that
> now
> > acts as a WSE 2 client. Part of the original functionality of the
client
> > was that it was available to COM callers. I now want the client to
> > impersonate the COM caller and send some soap messages to my WSE 2
server.
> >
> > Before the client makes the WSE call I am able to grab the current user
> > principle in order to impersonate, but I'm not sure how to package that
up
> > into the WSE call (WSE seems to want username/password). Any thoughts?
> >
> > Thanks,
> > -Mike
> >
> >
>
>

Relevant Pages

  • Re: WSE 2 and impersonation
    ... Can you get a WindowsIdentity out of the principal and invoke "Impersonate"? ... it depends on what impersonation permission you can get on your WSE ... client machine to be able achieve that. ... > impersonate the COM caller and send some soap messages to my WSE 2 server. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: WSE 2 and impersonation
    ... If WSE 2.0 is installed on Windows ServerT 2003 or Windows® XP with Service ... Kerberos has the benefit of being an open security standard, ... thus promoting interoperability between WSE-enabled Web service applications ... won't work for messages sent from server to client as the client has no way ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • WSE 2 and impersonation
    ... I have a WSE 2 server and an older .Net application that I extended that now ... Part of the original functionality of the client ... impersonate the COM caller and send some soap messages to my WSE 2 server. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • WSE and NT Authentication
    ... Been tasked to look at changing the way we use WSE. ... client pass in the Username token. ... Thinking about going to Kerberos and using ... If the calling app is a winform app, ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: How to call Web Service Securely
    ... Maybe I am complicating WSE too much - can you point me to a simple ... you could provide a logon screen in the client app and create a NetworkCredential ... tokens - but that is tied to .NET 2.0 ... make a web method via dialup to my IIS Web Service. ...
    (microsoft.public.dotnet.framework.aspnet.security)