Re: UserName and Kerberos tokens at the same time

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Thanks for your response Henrik,
\par
\par What makes me feeling a bit strange is that the WSE 3.0 Kerberos demo also not work on your side? The build-in example program will pass the clientside current logon user's security credential (as kerberos token) to serverside... Are you logon the computer as a domain user when running the client application?
\par
\par Thanks,
\par
\par Steven Cheng
\par Microsoft Online Support
\par
\par Get Secure! www.microsoft.com/security
\par (This posting is provided "AS IS", with no warranties, and confers no rights.)
\par
\par \pard\li720 --------------------
\par From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
\par References: <uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxx> <eHap0QR8FHA.1000@xxxxxxxxxxxxxxxxxxxx> <dau3PrY8FHA.3764@xxxxxxxxxxxxxxxxxxxxx> <OS79EfF9FHA.1484@xxxxxxxxxxxxxxxxxxxx> <7SHqboN9FHA.4000@xxxxxxxxxxxxxxxxxxxxx> <eG42Y8R9FHA.3416@xxxxxxxxxxxxxxxxxxxx> <t5c47rn9FHA.4028@xxxxxxxxxxxxxxxxxxxxx> <Osge9Tr9FHA.4036@xxxxxxxxxxxxxxxxxxxx> <#WX2Nuz9FHA.2708@xxxxxxxxxxxxxxxxxxxx> <dGWW$H09FHA.1236@xxxxxxxxxxxxxxxxxxxxx>
\par Subject: Re: UserName and Kerberos tokens at the same time
\par Date: Fri, 2 Dec 2005 16:05:00 +0100
\par Lines: 499
\par X-Priority: 3
\par X-MSMail-Priority: Normal
\par X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
\par X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
\par X-RFC2646: Format=Flowed; Original
\par Message-ID: <OFxSGH19FHA.3312@xxxxxxxxxxxxxxxxxxxx>
\par Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par NNTP-Posting-Host: 80.63.142.94
\par Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
\par Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:7818
\par X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par
\par Hi Steven,
\par
\par Thanks again.
\par
\par I think that you are right because I would expect the standard examples to
\par work. I have tried it on a Windows 2003 server as well and there I get the
\par same error.
\par
\par My client is a Windows application and I can se that the kerberos token is
\par ok, so it is something on the server side. Maybe the IIS is validation
\par agaings a wrong source or something like that.
\par
\par Do I have to do something special on the server side (IIS, Win3K) ?
\par
\par Thanks Henrik.
\par
\par
\par "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par news:dGWW$H09FHA.1236@xxxxxxxxxxxxxxxxxxxxxxxx
\par > Thanks for your respone and further info.
\par >
\par > I think the problem is likely due to the ASP.NET environment. Is your
\par > client application(which call the webservice) is also an asp.net
\par > application? The kerberos Security token will try establish the security
\par > token through the current exection context's security credential which
\par > must
\par > be a domain user account that can be authenticated by KDC(normally just
\par > the
\par > DC). So for ASP.NET the process identity is probably not a proper account.
\par > I would suggest you tried the code in a winform client or console
\par > application, the console app since in console or winform app, the current
\par > security context is the logon user session(which is likely a domain user
\par > ... ) ...
\par >
\par > Also, you can also check the following notes in wse documentation( if your
\par > webservice is on a machine other than win 2003 server):
\par > ====================
\par > Kerberos tokens work on computers with Windows Server 2003 or Windows XP
\par > with Service Pack 1 installed. When Windows XP is used, the account
\par > ASP.NET
\par > runs under is ASPNET by default and must be granted the Act as part of the
\par > operating system privilege. By default, the ASPNET account does not have
\par > this privilege. It is suggested that you run your Kerberos-secured Web
\par > services on Windows Server 2003. On Windows Server 2003, the Act as part
\par > of
\par > the operating system privilege is not required. On Windows XP you can
\par > configure the ASPNET account to have the Act as part of the operating
\par > system privilege using the Local Security Policy management application,
\par > but you should be aware that this affects all ASP.NET applications and
\par > results in less security for ASP.NET applications. Windows 2000 is not a
\par > supported operating system for this feature.
\par >
\par > ===================
\par >
\par > Thanks,
\par >
\par > Steven Cheng
\par > Microsoft Online Support
\par >
\par > Get Secure! www.microsoft.com/security
\par > (This posting is provided "AS IS", with no warranties, and confers no
\par > rights.)
\par >
\par >
\par >
\par > --------------------
\par > From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
\par > References: <uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxx>
\par > <eHap0QR8FHA.1000@xxxxxxxxxxxxxxxxxxxx>
\par > <dau3PrY8FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
\par > <OS79EfF9FHA.1484@xxxxxxxxxxxxxxxxxxxx>
\par > <7SHqboN9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
\par > <eG42Y8R9FHA.3416@xxxxxxxxxxxxxxxxxxxx>
\par > <t5c47rn9FHA.4028@xxxxxxxxxxxxxxxxxxxxx>
\par > <Osge9Tr9FHA.4036@xxxxxxxxxxxxxxxxxxxx>
\par > Subject: Re: UserName and Kerberos tokens at the same time
\par > Date: Fri, 2 Dec 2005 13:25:57 +0100
\par > Lines: 394
\par > X-Priority: 3
\par > X-MSMail-Priority: Normal
\par > X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
\par > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
\par > X-RFC2646: Format=Flowed; Response
\par > Message-ID: <#WX2Nuz9FHA.2708@xxxxxxxxxxxxxxxxxxxx>
\par > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par > NNTP-Posting-Host: 80.63.142.94
\par > Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
\par > Xref: TK2MSFTNGXA02.phx.gbl
\par > microsoft.public.dotnet.framework.webservices.enhancements:7813
\par > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par >
\par > Extra info:
\par >
\par > If I run the example Kerberos solution I get some a detailed error
\par > message:
\par >
\par > Microsoft.Web.Services3.Security.SecurityFault: An invalid security token
\par > was provided ---> System.Security.SecurityException: WSE594:
\par > AcceptSecurityContext call failed with the following error message: Logon
\par > failure: unknown user name or bad password. . at
\par > Microsoft.Web.Services3.Security.Tokens.Kerberos.KerberosServerContext.Accep
\par > tContext(Byte[]
\par > inToken) at
\par >
\par > Does that help you in any way?
\par >
\par > "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
\par > news:Osge9Tr9FHA.4036@xxxxxxxxxxxxxxxxxxxxxxx
\par >> Hi again Steven,
\par >>
\par >> Again, thank you very much for looking into this problem for me.
\par >>
\par >> I just tried to run my test project on a colleagues machine and he gets
\par >> the same error. I guess that there is nothing special in our environment,
\par >> we have a normal DC. I used to run kerberos authentication in wse for
\par > NET
\par >> 1.1 and there it worked fine.
\par >>
\par >> I have tried to run the two Quickstart examples:
\par >> WSSecurityKerberosPolicyService and WSSecurityKerberosCodeService and
\par >> there I get the following exception (inner exception of a soap exception)
\par >>
\par >> "Security requirements are not satisfied because the security header is
\par >> not present in the incoming message.".
\par >>
\par >> But when I run my test project which is using a custom policy I get the
\par >> following exception:
\par >>
\par >> WSE2005: Protection requirements in KerberosAssertion are not satisfied
\par >>
\par >> I guess that it basicly is the same problem I am having the the two
\par >> solutions.
\par >>
\par >> I can see that the Kerberos is beeing generated and assigned to the
\par >> proxy.
\par >>
\par >> I am BTW running the web service on the build in ASP . NET Development
\par >> Server if that has anything to do with the problem? Has it something to
\par > do
\par >> with impersonation?
\par >>
\par >> Any ideas??
\par >>
\par >> Thanks Henrik.
\par >>
\par >>
\par >> "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par >> news:t5c47rn9FHA.4028@xxxxxxxxxxxxxxxxxxxxxxxx
\par >>> Thanks for your followup Henrik,
\par >>>
\par >>> Then, it seems that the kerberos Token is not quite attached correctly
\par >>> at
\par >>> clientside... Have you ensure that the environment is qualified of using
\par >>> kerberos authentication, are you in a certain domain environment with a
\par >>> KDC(or DC....) ?
\par >>>
\par >>> Regards,
\par >>>
\par >>> Steven Cheng
\par >>> Microsoft Online Support
\par >>>
\par >>> Get Secure! www.microsoft.com/security
\par >>> (This posting is provided "AS IS", with no warranties, and confers no
\par >>> rights.)
\par >>>
\par >>> --------------------
\par >>> From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
\par >>> References: <uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxx>
\par >>> <eHap0QR8FHA.1000@xxxxxxxxxxxxxxxxxxxx>
\par >>> <dau3PrY8FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
\par >>> <OS79EfF9FHA.1484@xxxxxxxxxxxxxxxxxxxx>
\par >>> <7SHqboN9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
\par >>> Subject: Re: UserName and Kerberos tokens at the same time
\par >>> Date: Tue, 29 Nov 2005 20:57:13 +0100
\par >>> Lines: 285
\par >>> X-Priority: 3
\par >>> X-MSMail-Priority: Normal
\par >>> X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
\par >>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
\par >>> X-RFC2646: Format=Flowed; Original
\par >>> Message-ID: <eG42Y8R9FHA.3416@xxxxxxxxxxxxxxxxxxxx>
\par >>> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par >>> NNTP-Posting-Host: 80.63.142.94
\par >>> Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
\par >>> Xref: TK2MSFTNGXA02.phx.gbl
\par >>> microsoft.public.dotnet.framework.webservices.enhancements:7770
\par >>> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par >>>
\par >>> Hi Steven,
\par >>>
\par >>> Thank you for your reply.
\par >>>
\par >>> Yes I works well with the UsernameToken.
\par >>>
\par >>> I get the same exception without the choiceAssertion. I have changed the
\par >>> policy to this:
\par >>> <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>
\par >>>
\par >>> <extensions>
\par >>>
\par >>> <extension name="kerberosSecurity"
\par >>> type="Microsoft.Web.Services3.Design.KerberosAssertion,
\par >>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
\par >>> PublicKeyToken=31bf3856ad364e35" />
\par >>>
\par >>> <extension name="requireActionHeader"
\par >>> type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
\par >>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
\par >>> PublicKeyToken=31bf3856ad364e35" />
\par >>>
\par >>> </extensions>
\par >>>
\par >>> <policy name="ServicePolicy">
\par >>>
\par >>> <kerberosSecurity establishSecurityContext="false"
\par >>> renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
\par >>> messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
\par >>> ttlInSeconds="300">
\par >>>
\par >>> <protection>
\par >>>
\par >>> <request signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>> IncludeSoapBody" encryptBody="true" />
\par >>>
\par >>> <response signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>> IncludeSoapBody" encryptBody="true" />
\par >>>
\par >>> <fault signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>> IncludeSoapBody" encryptBody="false" />
\par >>>
\par >>> </protection>
\par >>>
\par >>> </kerberosSecurity>
\par >>>
\par >>> <requireActionHeader />
\par >>>
\par >>> </policy>
\par >>>
\par >>> </policies>
\par >>>
\par >>> Do I need some signing or encryption? I guess that I don't need it
\par >>> because
\par >>> I
\par >>> am running over SSL, but maybe the KerberosAssertion requires it?
\par >>>
\par >>> Regards
\par >>>
\par >>> Henrik.
\par >>>
\par >>> "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par >>> news:7SHqboN9FHA.4000@xxxxxxxxxxxxxxxxxxxxxxxx
\par >>>> Hi Henrik,
\par >>>>
\par >>>> From the error message, request message's security header dosn't meet
\par >>>> the
\par >>>> server policy assertion's requirement. Also this occurs when you using
\par >>>> the
\par >>>> Kerberos token at clientside, but works well when you using
\par >>>> UsernameToken,
\par >>>> yes? Have you ever tried only using Kerberos token from clientside
\par >>>> (without using choiceAssertion) to see whether you can get kerberos
\par >>>> token
\par >>>> work correctly?
\par >>>>
\par >>>> Thanks,
\par >>>>
\par >>>> Steven Cheng
\par >>>> Microsoft Online Support
\par >>>>
\par >>>> Get Secure! www.microsoft.com/security
\par >>>> (This posting is provided "AS IS", with no warranties, and confers no
\par >>>> rights.)
\par >>>>
\par >>>>
\par >>>> --------------------
\par >>>> From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
\par >>>> References: <uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxx>
\par >>>> <eHap0QR8FHA.1000@xxxxxxxxxxxxxxxxxxxx>
\par >>>> <dau3PrY8FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
\par >>>> Subject: Re: UserName and Kerberos tokens at the same time
\par >>>> Date: Mon, 28 Nov 2005 21:10:22 +0100
\par >>>> Lines: 176
\par >>>> X-Priority: 3
\par >>>> X-MSMail-Priority: Normal
\par >>>> X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
\par >>>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
\par >>>> X-RFC2646: Format=Flowed; Original
\par >>>> Message-ID: <OS79EfF9FHA.1484@xxxxxxxxxxxxxxxxxxxx>
\par >>>> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par >>>> NNTP-Posting-Host: 80.63.142.94
\par >>>> Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
\par >>>> Xref: TK2MSFTNGXA02.phx.gbl
\par >>>> microsoft.public.dotnet.framework.webservices.enhancements:7756
\par >>>> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par >>>>
\par >>>> Hi Steven,
\par >>>>
\par >>>> Again thank you very much for your reply. I tried to implement the
\par >>>> PolicyChoiceAssertion from the example but now I get an exception when
\par >>>> I
\par >>>> run
\par >>>> with the KerberosAssertion. The code throws the exception when I call
\par >>>> HelloWorld in the example below. The PolicyChoiceAssertion is the same
\par >>>> as
\par >>>> the one from the example.
\par >>>>
\par >>>> Exception:
\par >>>> \{"WSE2005: Protection requirements in KerberosAssertion are not
\par >>>> satisfied."\}
\par >>>>
\par >>>> It works fine when I run with the UserNameAssertion. My policy looks
\par >>>> like
\par >>>> this:
\par >>>>
\par >>>> <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>
\par >>>>
\par >>>> <extensions>
\par >>>>
\par >>>> <extension name="usernameOverTransportSecurity"
\par >>>> type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion,
\par >>>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
\par >>>> PublicKeyToken=31bf3856ad364e35" />
\par >>>>
\par >>>> <extension name="kerberosSecurity"
\par >>>> type="Microsoft.Web.Services3.Design.KerberosAssertion,
\par >>>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
\par >>>> PublicKeyToken=31bf3856ad364e35" />
\par >>>>
\par >>>> <extension name="requireActionHeader"
\par >>>> type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
\par >>>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
\par >>>> PublicKeyToken=31bf3856ad364e35" />
\par >>>>
\par >>>> <extension name="policyChoice"
\par >>>> type="MindKey.License.Assertion.PolicyChoiceAssertion, Service
\par >>>> Assertion
\par >>>> Library"/>
\par >>>>
\par >>>> </extensions>
\par >>>>
\par >>>> <policy name="ServicePolicy">
\par >>>>
\par >>>> <policyChoice>
\par >>>>
\par >>>> <usernameOverTransportSecurity />
\par >>>>
\par >>>> <kerberosSecurity establishSecurityContext="false"
\par >>>> renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
\par >>>> messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
\par >>>> ttlInSeconds="300">
\par >>>>
\par >>>> <protection>
\par >>>>
\par >>>> <request signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>>> IncludeSoapBody" encryptBody="true" />
\par >>>>
\par >>>> <response signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>>> IncludeSoapBody" encryptBody="true" />
\par >>>>
\par >>>> <fault signatureOptions="IncludeAddressing, IncludeTimestamp,
\par >>>> IncludeSoapBody" encryptBody="false" />
\par >>>>
\par >>>> </protection>
\par >>>>
\par >>>> </kerberosSecurity>
\par >>>>
\par >>>> </policyChoice>
\par >>>>
\par >>>> <requireActionHeader />
\par >>>>
\par >>>> </policy>
\par >>>>
\par >>>> </policies>
\par >>>>
\par >>>> and the code calling using the KerberosAssertion looke like this:
\par >>>> TestWS testWS = new TestWS();
\par >>>>
\par >>>> KerberosAssertion assertion = new KerberosAssertion();
\par >>>>
\par >>>> assertion.KerberosTokenProvider = new KerberosTokenProvider("host/" +
\par >>>> System.Net.Dns.GetHostName(), ImpersonationLevel.Identification);
\par >>>>
\par >>>> Policy policy = new Policy();
\par >>>>
\par >>>> policy.Assertions.Add(assertion);
\par >>>>
\par >>>> testWS.SetPolicy(policy);
\par >>>>
\par >>>> MessageBox.Show(testWS.HelloWorld());
\par >>>>
\par >>>>
\par >>>> I hope you can helpe me!
\par >>>>
\par >>>> Thanks Henrik.
\par >>>>
\par >>>> "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par >>>> news:dau3PrY8FHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
\par >>>>> Hi Henrik,
\par >>>>>
\par >>>>> As for attaching different kind of Security Tokens in client request
\par >>>>> and
\par >>>>> let the serverside policy access and peform authenticate on all of
\par >>>>> them
\par >>>>> (or
\par >>>>> some of them...), that's certainly possible. However, currently the
\par >>>>> buildin
\par >>>>> WSE 3.0 PolicyAssertions (UsernameOverTransport,
\par >>>>> KerberosSecuirty...
\par >>>>> .)
\par >>>>> only target a single type of security token. So if you need to have
\par >>>>> your
\par >>>>> service utilize a policy which will authenticate multiple client
\par >>>>> security
\par >>>>> tokens (of different types), we should create our own PolicyAssertion
\par >>>>> classes. For creating WSE 3.0 custom Policy Assertion, you can refer
\par >>>>> to
\par >>>>> the
\par >>>>>
\par >>>>> "Custom Policy Assertions "
\par >>>>>
\par >>>>> section in the WSE 3.0 Document. And the QuickStart samples also
\par >>>>> including
\par >>>>> Custom Policy example. Also, the important things is that we need to
\par >>>>> deinfe
\par >>>>> the proper InputFilters and OutputFilters for our custom
\par >>>>> PolicyAssertion.
\par >>>>> And for secuirty Policy Assertion, we should make our inputFilter and
\par >>>>> outpuFilter derived from "ReceiveSecurityFilter" and
\par >>>>> "SendSecurityFilter"
\par >>>>> class.
\par >>>>>
\par >>>>> After we define the custom PolicyAssertion, we can use it
\par >>>>> programmatically
\par >>>>> in code or define in Policy file statically.
\par >>>>>
\par >>>>> Hope helps. Thanks,
\par >>>>>
\par >>>>> Steven Cheng
\par >>>>> Microsoft Online Support
\par >>>>>
\par >>>>> Get Secure! www.microsoft.com/security
\par >>>>> (This posting is provided "AS IS", with no warranties, and confers no
\par >>>>> rights.)
\par >>>>>
\par >>>>>
\par >>>>>
\par >>>>> --------------------
\par >>>>> From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
\par >>>>> References: <uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxx>
\par >>>>> Subject: Re: UserName and Kerberos tokens at the same time
\par >>>>> Date: Thu, 24 Nov 2005 17:29:10 +0100
\par >>>>> Lines: 19
\par >>>>> X-Priority: 3
\par >>>>> X-MSMail-Priority: Normal
\par >>>>> X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
\par >>>>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
\par >>>>> X-RFC2646: Format=Flowed; Response
\par >>>>> Message-ID: <eHap0QR8FHA.1000@xxxxxxxxxxxxxxxxxxxx>
\par >>>>> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par >>>>> NNTP-Posting-Host: 80.63.142.94
\par >>>>> Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
\par >>>>> Xref: TK2MSFTNGXA02.phx.gbl
\par >>>>> microsoft.public.dotnet.framework.webservices.enhancements:7731
\par >>>>> X-Tomcat-NG:
\par >>>>> microsoft.public.dotnet.framework.webservices.enhancements
\par >>>>>
\par >>>>> Extra comment:
\par >>>>>
\par >>>>> It should also be a policy.
\par >>>>>
\par >>>>> "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
\par >>>>> news:uDOvP8Q8FHA.620@xxxxxxxxxxxxxxxxxxxxxxx
\par >>>>>> Hi,
\par >>>>>>
\par >>>>>> I would like to authorize the user using a Kerberos, a UserName or at
\par >>>>>> custom token depending on what I receive from the user.
\par >>>>>>
\par >>>>>> Is that possible?
\par >>>>>>
\par >>>>>> Thanks
\par >>>>>>
\par >>>>>> Henrik
\par >>>>>>
\par >>>>>
\par >>>>>
\par >>>>>
\par >>>>
\par >>>>
\par >>>>
\par >>>
\par >>>
\par >>>
\par >>
\par >>
\par >
\par >
\par >
\par
\par
\par \pard
\par
\par }