Re: passing credentials

Windows Authentication will negotiate either NTLM or Kerberos which will
provide confidentiality for your credentials. Another alternative is to use
SSL.
WEP has been shown to have some vulnerabilities, so you shouldn't rely on
WEP alone to provide confidentiality.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2007 Microsoft Corporation. All rights
reserved.

"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7B8D67E7-6E41-47B8-981D-A027557809E8@xxxxxxxxxxxxxxxx
Paul, thank you for your response.

The web service is currently in development and under my control, so I can
change it. Right now, I have it set to use Windows Authentication only
(no
anonymous or unauthenticated access). On the device, Win CE 5.0, I've set
the 'Owner' information to include the domain and a valid domain uid and
password. Will these credentials be 'passed' to the web service if the
web
service is configured for Windows Authentication only? So far, network
access to resources (files, etc.) seem to handle the domain security
properly. Are the domain credentials secure if passed over Wireless with
WEP?

Thanks again for the information.

"Paul G. Tobey [eMVP]" wrote:

Well, your wireless stream *is* encrypted with the WEP key. That's not
good
enough? If all you're doing is sending clear text user name and
password,
you could arrange to negotiate some further encryption of the data stream
with the server. I don't think that you've really told us enough to know
what's even possible for you... The Web service has a pre-defined
characteristics and you can't change that? What is that characteristic?
If
it's taking clear text user name and password now, it's not secure
regardless of whether you get to it via wireless or wired connection.

Paul T.

"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14C14151-351C-457D-A52D-09C080AB6C64@xxxxxxxxxxxxxxxx
I'm developing a .Net CF 2.0 app for an HHP Dolphin 7600. I'm
connecting
over 802.11g with WEP only. I want to pass domain credentials from the
device to a web service without having to configure 802.1x, RADIUS,
etc.
Is
there a way to securely do this? The goal, since this app runs solely
within
the intranet, is to use Windows Authentication for everything.





.

Relevant Pages

  • Re: web service 401 unauthorized
    ... So using Windows authentication in the IIS without ... some sort of mechanism to transmit credentials as one would get with a normal ... and allow user identity to pass thru to the web service and then to a ... webservices but it does not work when I switch this off and windows ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: About the web service using Integrated windows authentication
    ... If your web application is being called over the Internet, ... Windows authentication just takes the user credentials that the browser ... If you expect users of your web service to be outside the domain (i.e. not ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Web Service using Windows Authentication
    ... You can pass credentials by setting the Credentials ... which is probably not what you want for a web service. ... >do we make a web service connect to that SQL server? ... The SQL Server uses Windows authentication only. ...
    (microsoft.public.sqlserver.security)
  • Re: Windows Authentication to Web Service
    ... Eugen Walcher wrote: ... supply the right credentials? ... Posted To: microsoft.public.dotnet.framework.compactframework Conversation: Windows Authentication to Web Service ... Windows Authentication to Web Service ...
    (microsoft.public.dotnet.framework.compactframework)
  • Re: Windows Authentication question
    ... That's still possible even if you use integrated Windows authentication. ... configured not to pass the client user credentials or because the client ... logon dialog by the browser. ...
    (microsoft.public.dotnet.security)
Loading