Re: authentication using custom UsernameTokenManager class.....

From: Ollie (ollie_riches_at_hotmail.com)
Date: 11/15/04


Date: Mon, 15 Nov 2004 15:58:13 -0000

I found this on MSDN

http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp#ws-securitydrill_topic3

and it gives an example of interrogating the Windows principal object after
authorisation has been completed, but this has to be done from inside the web
method, not prior to the actual web method being called. Can't WSE do
authorisation in a similar way to how it does authentication?

Ollie

"Ollie" <ollie_riches@hotmail.com> wrote in message
news:ODi2XlyyEHA.1196@TK2MSFTNGP15.phx.gbl...
> I have been able to authenticate a user account against Active Directory
> using the UsernameTokenManager class,
> what I would like to do is determine if the account has a certain role and
> check this against the web method that is being called.....
>
> I guess what I'm trying to do is authentication then authorisation for a
> particular web method, does WSE 2.0 offer anything for authorisation against
> a particular security (AD) role? If not does anyone have any good
> suggestions?
>
> What I don't want to do is to use the UsernameTokenManager to do implicit
> authentication checks and then have to do explicit role determination in each
> web method. I want to be able to do this implicitly somehow...
>
> Hope that makes sense....
>
>
> Ollie Riches
>
>


