How to pass a password to a network service

From: "ssg31415926" <newsjunkmail@xxxxxxxxx>
Date: 6 Sep 2005 04:25:58 -0700

I administer a Server 2003/XP network. A developer has come to me with
a proposal to put in a web service-based application. The workstations
will be XP and the servers 2003 but he can't use Integrated Windows
authentication with the logged-on account because some of the
workstations are shared and have a "department" account (with minimum
access*), so the user will be signing in to the application. They all
have Windows accounts which he wants to pass to the web service so that
it can authenticate the user.

My concern is network security. He's looking at using
System.Net.NetworkCredential to pass the account. I dabble in .NET
myself so I had a look at MSDN. The example code starts with this:

NetworkCredential myCred = new NetworkCredential(
SecurelyStoredUserName, SecurelyStoredPassword,
SecurelyStoredDomain);

but I can't find how the strings are stored securely. Am I right in
thinking that if you put plain text strings in here, that they'd be
passed in plain text across the network? How do you avoid the security
risk? Is SSL the only route? Or am I barking up the wrong tree?

* Yes, I know this is a bad idea but these users don't have time to log
on and off each time they use the shared workstations so we came to
this locked-down workstation compromise.

.

Follow-Ups:
- RE: How to pass a password to a network service
  - From: Prakash M
- Re: How to pass a password to a network service
  - From: Ollie Riches

Prev by Date: Re: RequestElementName is being changed
Next by Date: RE: DIME - Alive or Dead?
Previous by thread: RequestElementName is being changed
Next by thread: Re: How to pass a password to a network service
Index(es):
- Date
- Thread

Relevant Pages

Controls for client machines
... I am trying to assess the risks that this causes to local data files and network security in general. ... For NT workstations it would be possible to use a NTFSDOS boot disk to ... allows the password of any local account to be set. ... domain account while disconnected from the network. ...
(microsoft.public.security)
Re: Possible inside security breach
... By default "authenticated users" can add up to ten workstations to a domain which ... means that ANYONE that know a logon/password for a domain account can add a ... ipsec policy to use for network communications restricted to only domain ... > who connect via a VPN. ...
(microsoft.public.win2000.security)
cant connect to CUPS printer from XP home
... I have a Debian/Sarge server ... Both workstations are able to connect to the network shares and print to ... corresponding account on the server using Samba. ...
(comp.os.linux.security)
Re: Unable to add users to local groups on member workstations
... Anyway the network trace I was talking about wasn't a tracert, it was a sniff of the network traffic with netmon or wireshark or something. ... Joe Richards Microsoft MVP Windows Server Directory Services ... Once I fixed DHCP on the Firebox, computer management worked normally on the workstations. ... "Brian P." wrote: ...
(microsoft.public.windows.server.active_directory)
Re: How to pass a password to a network service
... >I administer a Server 2003/XP network. ... > workstations are shared and have a "department" account (with minimum ... > SecurelyStoredUserName, SecurelyStoredPassword, ...
(microsoft.public.dotnet.framework.webservices)