Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / November 2004

Tip: Looking for answers? Try searching our database.

authentication using custom UsernameTokenManager class.....

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ollie - 15 Nov 2004 15:39 GMT
I have been able to authenticate a user account against Active Directory
using the UsernameTokenManager class,
what I would like to do is determine if the account has a certain role and
check this against the web method that is being called.....

I guess what I'm trying to do is authentication then authorisation for a
particular web method, does WSE 2.0 offer anything for authroisation against
a particular security (AD) role? If not does anyone have any good
suggestions?

What I don't want to do is to use the UsernameTokenManager to do implicit
authentication checks and then have to explict role determination in each
web method I want to be able to do this implicitly some how...

Hope that makes sense....

Ollie Riches
Reply to this Message
Ollie - 15 Nov 2004 15:58 GMT
i found this on MSDN

http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/htm
l/wssecdrill.asp#ws-securitydrill_topic3

and it gives an example on interigating the windows principal object after
authorisation has been completed but this has to be done from inside the web
method not prior to the actual web method being called. Can't WSE do
authorisation in a similar way to it does authentication?

Ollie

> I have been able to authenticate a user account against Active Directory
> using the UsernameTokenManager class,
[quoted text clipped - 13 lines]
>
> Ollie Riches
Reply to this Message
Martin Kulov - 15 Nov 2004 20:55 GMT
Hello Ollie,

You can apply a policy to your web service in which you can specify the group that the user must belong in order to access the service.

Regards,
Martin Kulov
www.codeattest.com
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.