Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2004

Tip: Looking for answers? Try searching our database.

Policy choice for the client.

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Gravy - 14 Sep 2004 01:58 GMT
Hi

From what I understand of WSE2.0 and Policy you can declare a service as
requiring say  a Kerberose token and the .net client will automatically wrap
your windows identity in a Kerberose tocken and send it to the server. Is
that basically right? I'm not saying this is all policy does :-).

However, if my service had a policy that says EITHER a kerberose token or a
UserNamePassword token can be given, how can I control what the client
sends. Basically I want the user to determine with the use of a login dialog
their method of authentication - username and password or integrated.

Regards

Gravy
Reply to this Message
Dilip Krishnan - 15 Sep 2004 03:31 GMT
Gravy,
  see below
Regards
Dilip

> Hi
>
> From what I understand of WSE2.0 and Policy you can declare a service as
> requiring say  a Kerberose token and the .net client will automatically wrap
> your windows identity in a Kerberose tocken and send it to the server. Is
> that basically right? I'm not saying this is all policy does :-).

Not true. There are two kinds of policy interactions that WSE uses.. the
client 'enforces' policy and the server 'asserts & enforces'. But theres no
implicit knowledge of a policy on the server side to the client.

> However, if my service had a policy that says EITHER a kerberose token or a
> UserNamePassword token can be given, how can I control what the client
> sends. Basically I want the user to determine with the use of a login dialog
> their method of authentication - username and password or integrated.

So basically the client sends what is appropriate and the server validates
it based on its own policy assertion definition. As far as I know, I dont
think you can specify either or security policies in the policy
configuration.

> Regards
>
> Gravy
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.