RE: WS Security issues



We have a setup similar to the one you described.
We are sending the username/password in the UsernameToken. The web service
server machine needs to be in the same domain as the AD; if an invalid
username/password is sent and it cannot be authenticated, it will throw a
SoapFault. The username/password is sent as plaintext in the UsernameToken.

We are using SSL for making sure that the channel is secure.

If you plan to implement X.509 for encryption, my guess is that it will
be a drag on performance.

"Henrik Skak Pedersen" wrote:

> Hello,
>
> I am working on a product where we are shipping a web service and a Windows
> client to several end-customers. The web service should be able to run
> either on the inside or on the outside of their firewall. The same CD is
> being sent to all customers, so it is not possible to modify anything from
> customer to customer. The software should run directly after installation,
> without obtaining certificates or anything else. The clients are running on
> Windows 2000 server and client, Windows XP and Windows Server 2003.
>
> I have two demands:
>
> 1) All WS requests from the client need to be authorized by AD. It should
> be possible to log in using the current credentials or by specifying a user
> name/password pair.
>
> 2) All WS requests from the client need to be encrypted and signed.
>
> I have looked into X509SecurityToken, KerberosToken and UsernameToken. But I
> just can't see how I solve this the best way.
>
> If I use X.509 for signing and encryption, then I guess that I have to
> distribute the same certificate to all customers, which I guess is not a
> smart idea.
> I have read that the KerberosToken does not work for Windows 2000.
>
> Any recommendations?
>
> Regards
>
> Henrik Skak Pedersen
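An added example (not from either poster, and not WSE code): a Python check for the setup described in the reply above, where the UsernameToken carries the password as plaintext and SSL protects the channel. It inspects an outgoing SOAP envelope and reports a cleartext password bound for a non-HTTPS endpoint; the function name, the endpoint URLs and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
UT_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
PASSWORD_TEXT = UT_PROFILE + "#PasswordText"
NS = {"wsse": WSSE}

# Constructed sample: a SOAP 1.1 request carrying a plaintext UsernameToken.
SAMPLE_ENVELOPE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}">
  <soap:Header>
    <wsse:Security>
      <wsse:UsernameToken>
        <wsse:Username>jdoe@example.test</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">constructed-password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def audit_username_token(envelope_xml, endpoint_url):
    """Return a list of findings for UsernameToken passwords in one outgoing message."""
    findings = []
    is_tls = urlsplit(endpoint_url).scheme.lower() == "https"
    root = ET.fromstring(envelope_xml)
    for token in root.iterfind(".//wsse:UsernameToken", NS):
        user = token.findtext("wsse:Username", default="?", namespaces=NS)
        pwd = token.find("wsse:Password", NS)
        if pwd is None:
            continue  # token carries no password element
        # The UsernameToken profile treats a missing Type as PasswordText.
        pwd_type = pwd.get("Type", PASSWORD_TEXT)
        if pwd_type == PASSWORD_TEXT and not is_tls:
            findings.append(
                f"cleartext password for {user} sent to non-TLS endpoint {endpoint_url}")
    return findings


if __name__ == "__main__":
    for url in ("https://ws.example.test/service.asmx",
                "http://ws.example.test/service.asmx"):
        print(url, audit_username_token(SAMPLE_ENVELOPE, url) or "ok")
```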


