Re: Web Service, Authentication, Security & Domains

Hi Igor,

Yes, your scenario is a bit complex since the machines are not in the
service domain.
Have you considered to use certificate authentication ? IIS also supports a
authentication mode called certificate authentication, when the user is
authenticated, IIS automatically maps the client certificate to a windows
account. That task is performed by IIS and it is transparent for the service
(the service only sees the authenticated windows account).
The only problem is that you have to deploy a certificate for each client
machine.

This article describes how to consume a service using certificate
authentication,

http://weblogs.asp.net/kennykerr/archive/2004/09/25/234250.aspx

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

"Igor Volkin" <igorvolkin@xxxxxxxxxxxxxxx> wrote in message
news:1154952960.652408.243290@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
kind regards to all.

I'm faced against an implementation problem on which I need some
guidelines and advice.

my client has a Win2k3 domain with ActiveDirectory.

I need to implement two parts of the solution:
a) Web Service that will run on a computer in the client's domain with
access to the AD
b) Windows application that will run on computers which are NOT part of
the client's domain

Windows application will communicate to the Web Service via internet
and perform some tasks that way.

the real problem follows: users that will use Windows application have
AD accounts in the client's domain, but they themselves will use
Windows application on computers OUT of the domain. and my Web Service
must allow Windows application users to authenticate and authorize with
AD, but so that the password (in any form) is NEVER sent across the
wire. data also must be transferred in a secure manner. so I need
something like Kerberos, but that works in my case.

what would be the simplest, yet feasible solution to this problem? does
WSE 3.0 have anything that could help me?

I hope I managed to depict the problem and I apologize for my english
if it's causing any misunderstandings.

tnx in advance



.

Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • RE: Double authentication (User & Machine) with VPN SSL
    ... If you've got Windows and IIS, ... server machine using the typical IPSec policy and normal IPSec certs. ... Double authentication with VPN SSL ... - our users will soon have a certificate in a USB token; ...
    (Security-Basics)
  • Re: Windows Authentication method on IIS6
    ... The microsoft.public.windows.server.* groups deal with Windows 2003 ... The microsoft.public.inetserver.* groups deal with IIS ... > the authentication button, ... You can configure either one or multiple realm names on a server running IIS ...
    (microsoft.public.win2000.security)
  • Re: How to access Windows IIS User Info with Perl
    ... but the IIS server is configured for Windows ... allowed for Basic Authentication, Windows Authentication (or whatever ... Do you know if they are part of a standard ...
    (comp.lang.perl.misc)
  • Windows Authentication with IIS on separate machines
    ... Yes, setting Basic Authentication in IIS works, but the ... >in SQL server but doesn't work if user account was ... >imported from a Windows account. ...
    (microsoft.public.sqlserver.security)