Using Enterprise Library to do SSPI over proprietary protocols

crackajaxx@gmail.com - 31 Dec 2005 06:30 GMT
Seems like all of the authentication-related questions I see on the net
don't seem to fully answer my question or dive off into alternate
tangents.  So, here's my situation.

I'm developing a broad distributed environment where authentication
is a necessary facet of the environment.  Using protocols like HTTP is
not an option for a host of reasons, so we are using a proprietary
protocol.  We would like to leverage the authentication facilities
already available in the OS (NTLM or Kerberos) through the Enterprise
Library (authentication and authorization).

We're not doing anything that's rocket science here.  Client connects to
middleware entity and it needs to authenticate with that middleware.
But the question becomes *how* do you best facilitate that when you
want to use Enterprise Library as part of your authentication solution.
Should we not use Enterprise Library for this and simply use an
interface to SSPI?

Thanks in advance for your comments.

Joe Kaplan (MVP - ADSI) - 31 Dec 2005 07:13 GMT
It sounds to me like you should be using NegotiateStream here if you want to
use a proprietary protocol with SSPI on top of it.  That will do what you
want.

I don't think anything in Ent Lib supports this use case directly.  The
security stack seems to be mostly for authorization.  That is still
important, but doesn't get you the SSPI level.

Joe K.

> Seems like all of the authentication-related questions I see on the net
> don't seem to fully answer my question or dive off into alternate
[quoted text clipped - 15 lines]
>
> Thanks in advance for your comments.

crackajaxx@gmail.com - 31 Dec 2005 15:06 GMT
Understood.  However, there are two catches to using the
NegotiateStream.

The first is one that I am not really concerned about, but it's worth
noting.  Datagram (i.e. streamless) protocols would utilize a different
form of the SSPI interface so NegotiateStream wouldn't work.

The second one is simply about acceptance of .NET 2.0 in organizations.
Given the relatively recent crowning of 2.0 by Microsoft (didn't it go
gold in November?), it may be more difficult to get acceptance of it as
the platform for critical projects.

Thank you for your fast response Joe, I do appreciate it!

Joe Kaplan (MVP - ADSI) - 02 Jan 2006 04:44 GMT
Only you can determine whether .NET 2.0 is right for you within the shipping
timeframe of your product.  If the product is mostly server-based, getting
the framework deployed is usually no big deal.  If you need a large client
deployment, any kind of deployment will be tricky.

You can always implement your own SSPI wrapper as well.  In fact, I'm pretty
sure MS had a .NET remoting sample demonstrating how to do this for .NET 1.1
on their website.  It doesn't help you with UDP necessarily though.  I have
no idea what to suggest in that case.

Joe K.

> Understood.  However, there are two catches to using the
> NegotiateStream.
[quoted text clipped - 9 lines]
>
> Thank you for your fast response Joe, I do appreciate it!
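
The NegotiateStream approach suggested in the thread, sketched as an added example (not code from either poster): a TCP server and client run the SSPI Negotiate handshake, then exchange one application message over the authenticated, encrypted stream. The port, the SPN `HOST/localhost` and the single length-prefixed string standing in for the proprietary protocol are assumptions; it needs Windows and .NET 2.0 or later.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;
using System.Threading;

class NegotiateStreamDemo
{
    const int Port = 9050;                      // hypothetical port for the demo
    const string TargetSpn = "HOST/localhost";  // hypothetical SPN; use the middleware's real one

    static void Server(TcpListener listener)
    {
        using (TcpClient conn = listener.AcceptTcpClient())
        using (NegotiateStream auth = new NegotiateStream(conn.GetStream(), false))
        {
            // Runs the SSPI Negotiate handshake (Kerberos or NTLM) as the service account
            // and refuses a session that is not both signed and encrypted.
            auth.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
            IIdentity caller = auth.RemoteIdentity;   // hand this to the authorization layer
            string request = new BinaryReader(auth).ReadString(); // length-prefixed message
            Console.WriteLine("server: {0} via {1} sent '{2}'",
                caller.Name, caller.AuthenticationType, request);
        }
    }

    static void Main()
    {
        TcpListener listener = new TcpListener(IPAddress.Loopback, Port);
        listener.Start();
        Thread server = new Thread(delegate() { Server(listener); });
        server.Start();
        using (TcpClient client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, Port);
            using (NegotiateStream auth = new NegotiateStream(client.GetStream(), false))
            {
                auth.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials, TargetSpn,
                    ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
                // NTLM cannot prove the server's identity; a client that needs that
                // guarantee should close the connection when this flag is false.
                Console.WriteLine("client: mutual={0} encrypted={1}",
                    auth.IsMutuallyAuthenticated, auth.IsEncrypted);
                BinaryWriter writer = new BinaryWriter(auth);
                writer.Write("PING");
                writer.Flush();
            }
        }
        server.Join();
        listener.Stop();
    }
}
```

The server-side `RemoteIdentity` is the point where an authorization component such as the one discussed in the thread would take over.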
